Page MenuHomeFreeBSD
Differential D45727

bpf: Detach descriptors on interface departure event
Needs ReviewPublic
Actions

Authored by zlei on Jun 25 2024, 9:08 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 8, 2:52 PM
Unknown Object (File)
Wed, Oct 16, 1:40 PM
Unknown Object (File)
Oct 3 2024, 9:13 AM
Unknown Object (File)
Sep 29 2024, 12:36 AM
Unknown Object (File)
Sep 16 2024, 4:16 PM
Unknown Object (File)
Sep 7 2024, 5:11 PM
Unknown Object (File)
Sep 7 2024, 11:58 AM
Unknown Object (File)
Sep 1 2024, 11:18 AM
View All 16 Files
Subscribers
ae
cy
glebius
imp
melifaro

Details

Reviewers
None
Group Reviewers
network
Summary

When an interface is moving to/from jail, it is still attached to bpf
and the consumers, tcpdump(1) e.g., do not get noticed. That is
counterintuitive and may leak informations ( sniffer traffic in parent
jail/vnet ).

Add a departure handler to cope with that.

Currently this handler has overlap with bpfdetach(), as on destroying
an interface the bpfdetach() is invoked prior to if_detach(), then it
does nothing as bpfdetach() has detached descriptors already.

I'm planning to revise the order to attaching bpf / attaching interface
and detaching interface / detaching bpf. There may be still 3rd party
drivers insist old ordering so the overlap may exist for quite a long
time.

MFC after: 1 week

Test Plan

One session:

# tcpdump -nvi cxl0
tcpdump: listening on cxl0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

Another session:

# jail -ic vnet persist
1
# ifconfig cxl0 vnet 1

On first session

tcpdump: pcap_loop: The interface disappeared
0 packets captured
0 packets received by filter
0 packets dropped by kernel

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

zlei created this revision.Jun 25 2024, 9:08 AM
Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptJun 25 2024, 9:08 AM
zlei requested review of this revision.Jun 25 2024, 9:08 AM
zlei added a comment.Sep 26 2024, 8:50 AM

Any comment on this ?

ae added a comment.Sep 26 2024, 2:40 PM

You probably can directly call similar to bpf_ifdetach() function from if_vmove(). It is called from ioctl context, so you can make detaching synchronously.

zlei added a comment.Sep 30 2024, 4:40 PM
In D45727#1066919, @ae wrote:

You probably can directly call similar to bpf_ifdetach() function from if_vmove(). It is called from ioctl context, so you can make detaching synchronously.

I've ever considered that approach, and finally chose this, the even handler. The latter is self constrained and loosely coupled, although with a little overhead of brainpower.

zlei added a comment.Sat, Oct 19, 2:40 AM

I'd like to push this to main and MFC to stable/14. Any objections ?

cy added a subscriber: cy.Sun, Oct 20, 7:34 PM
cy added inline comments.
sys/net/bpf.c
3159

Shouldn't whitespace adjustments be their own commit?

zlei marked an inline comment as done.Mon, Oct 21, 2:59 AM
zlei added inline comments.
sys/net/bpf.c
3159

Yeah, actually this drives me to do 1baf6164e4d6 (bpf: Some style and white space cleanup), which includes this whitespace adjustment.

zlei updated this revision to Diff 145235.Mon, Oct 21, 3:11 AM
zlei marked an inline comment as done.

Rebased onto latest main.

Revision Contents
Changeset List

PathSize
sys/
net/
40 lines

Diff 145235

View Options

sys/net/bpf.c

Loading...