Diffusion FreeBSD src repository 1ed9b381d470

ifnet: Detach BPF descriptors on interface vmove event
1ed9b381d470
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

ifnet: Detach BPF descriptors on interface vmove event

When an interface is moving to/from a vnet jail, it may still have BPF
descriptors attached. The userland (e.g. tcpdump) does not get noticed
that the interface is departing and still opens BPF descriptors thus
may result in leaking sensitive traffic (e.g. an interface is moved
back to parent jail but a user is still sniffing traffic over it in
the child jail).

Detach BPF descriptors so that the userland will be signaled.

Reviewed by: ae
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D45727

Details

Provenance

zlei	Authored on Tue, Feb 4, 3:04 PM

Reviewer

Differential Revision

D45727: bpf: Detach descriptors on interface vmove event

Parents

rGbb0348a17974: ifnet: Make if_detach_internal() and if_vmove() void

Branches

Unknown

Tags

Unknown

Event Timeline

zlei committed rG1ed9b381d470: ifnet: Detach BPF descriptors on interface vmove event (authored by zlei).Tue, Feb 4, 3:04 PM

zlei added an edge: D45727: bpf: Detach descriptors on interface vmove event.

zlei mentioned this in rGd8413a1c3ba2: ifnet: Fix build without BPF.Thu, Feb 6, 6:33 PM

zlei mentioned this in rG2e4eaf3c13d2: ifnet: Detach BPF descriptors on interface vmove event.Thu, Feb 6, 7:12 PM

zlei mentioned this in rG6b81815307b0: ifnet: Detach BPF descriptors on interface vmove event.Thu, Feb 6, 7:18 PM

Changes (3)

Path

Size

sys/

net/

rG1ed9b381d470

sys/net/bpf.c

Loading...

sys/net/bpf.h

Loading...

sys/net/if.c

Loading...