ifnet: Detach BPF descriptors on interface vmove event
When an interface is moving to/from a vnet jail, it may still have BPF
descriptors attached. The userland (e.g. tcpdump) does not get notified
that the interface is departing and still holds BPF descriptors open, which
may result in leaking sensitive traffic (e.g. an interface is moved
back to the parent jail but a user is still sniffing traffic over it in
the child jail).

Detach BPF descriptors so that the userland will be signaled.

Reviewed by:	ae
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D45727

(cherry picked from commit 1ed9b381d4701fc9f66741256e93b96e22273217)

ifnet: Fix build without BPF

The newly introduced function bpf_ifdetach() is only available when
device bpf is enabled.

Fixes:	1ed9b381d470 ifnet: Detach BPF descriptors on interface vmove event
(cherry picked from commit d8413a1c3ba235a79ae6b8cc35767a861855c7e2)
gmshake authored and fichtner committed Feb 18, 2025
1 parent 3de3dba commit a9d080a
Showing 3 changed files with 35 additions and 0 deletions.
27 changes: 27 additions & 0 deletions sys/net/bpf.c
@@ -2849,6 +2849,33 @@ bpf_get_bp_params(struct bpf_if *bp, u_int *bif_dlt, u_int *bif_hdrlen)

return (0);
}

/*
* Detach descriptors on interface's vmove event.
*/
void
bpf_ifdetach(struct ifnet *ifp)
{
struct bpf_if *bp;
struct bpf_d *d;

BPF_LOCK();
CK_LIST_FOREACH(bp, &bpf_iflist, bif_next) {
if (bp->bif_ifp != ifp)
continue;

/* Detach common descriptors */
while ((d = CK_LIST_FIRST(&bp->bif_dlist)) != NULL) {
bpf_detachd_locked(d, true);
}

/* Detach writer-only descriptors */
while ((d = CK_LIST_FIRST(&bp->bif_wlist)) != NULL) {
bpf_detachd_locked(d, true);
}
}
BPF_UNLOCK();
}
#endif

/*
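Review bot: the loop over bpf_iflist keeps scanning after a match instead of `break`ing, which is right only because one ifnet can own more than one bpf_if (one per registered DLT); that is not obvious to a reader, so add a one-line comment above `if (bp->bif_ifp != ifp)` saying the scan is intentionally exhaustive. The block comment "Detach descriptors on interface's vmove event." should also say what the `true` second argument to bpf_detachd_locked() means here, since the commit message promises that "the userland will be signaled" but nothing in this hunk explains how the detached state reaches the descriptor's owner; a reader auditing the cross-jail capture fix has to go and read bpf_detachd_locked() to confirm it.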
1 change: 1 addition & 0 deletions sys/net/bpf.h
@@ -431,6 +431,7 @@ void bpfdetach(struct ifnet *);
bool bpf_peers_present_if(struct ifnet *);
#ifdef VIMAGE
int bpf_get_bp_params(struct bpf_if *, u_int *, u_int *);
void bpf_ifdetach(struct ifnet *);
#endif

void bpfilterattach(int);
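Review bot: the prototype is added under `#ifdef VIMAGE`, while the call site in sys/net/if.c is guarded by `#ifdef DEV_BPF` only. That only works as long as if_vmove() itself exists only with VIMAGE and the definition in bpf.c lives in the same VIMAGE block (the `#endif` closing the bpf.c hunk suggests it does); a comment here naming that dependency would stop a later reshuffle of the option blocks from turning the call into an implicit declaration. Since the follow-up cherry-pick already had to fix a build without BPF, the guards for declaration, definition and call are worth spelling out in one place.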
7 changes: 7 additions & 0 deletions sys/net/if.c
@@ -1266,6 +1266,13 @@ if_detach_internal(struct ifnet *ifp, bool vmove)
static void
if_vmove(struct ifnet *ifp, struct vnet *new_vnet)
{
#ifdef DEV_BPF
/*
* Detach BPF file descriptors from its interface.
*/
bpf_ifdetach(ifp);
#endif

/*
* Detach from current vnet, but preserve LLADDR info, do not
* mark as dead etc. so that the ifnet can be reattached later.
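Review bot: the comment "Detach BPF file descriptors from its interface." has no referent for "its"; write "from the interface being moved". The `#ifdef DEV_BPF` guard relies on `opt_bpf.h` being included in if.c, which this hunk does not show; if it is not, the macro is never defined, the call silently compiles out and the cross-jail capture the commit closes is quietly back, so confirm the include is present. Placing the call before the "Detach from current vnet" step is the right order: the descriptors must be gone before the ifnet leaves the old vnet's lists.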
