freebsd-dev/sys
Kristof Provost 22893e5840 bridge: default to not filtering L3
Change the default for net.link.bridge.pfil_member and
net.link.bridge.pfil_bridge to zero.

That is, default to not calling layer 3 firewalls on the bridge or its
member interfaces.

With either of these enabled the bridge will, during L2 processing,
remove the Ethernet header from packets, feed them to L3 firewalls,
re-add the Ethernet header and send them out.

Not only does this interact very poorly with firewalls which defer
packets, or reassemble and refragment IPv6, it also causes considerable
confusion for users, because the firewall gets called in unexpected
ways.

For example, a bridge which contains a bhyve tap and the host's LAN
interface. We'd expect traffic between the LAN and bhyve VM to pass, no
matter what (layer 3) firewall rules are set on the host. That's not the
case as long as pfil_bridge or pfil_member are set.

Reviewed by:	Zhenlei Huang
MFC:		never
Differential Revision:	https://reviews.freebsd.org/D37009
2022-10-24 08:52:21 +02:00
amd64 Add vm_page_any_valid() 2022-10-19 20:24:07 +03:00
arm arm: Fix name of config file in comment 2022-10-20 10:48:31 -06:00
arm64 ofw: add BUS_GET_DEVICE_PATH interface to openfirm/fdt, somewhat incomplete. 2022-10-18 16:55:47 +09:00
bsm
cam cam: Use FreeBSD standard copyright 2022-10-07 23:37:46 -06:00
cddl kinst: Clarify a comment in the trampoline allocator 2022-10-14 11:32:47 -04:00
compat LinuxKPI: add MSEC_PER_SEC 2022-10-23 21:54:36 +00:00
conf conf: Document why we have ARM64 and RISCV options 2022-10-20 10:48:31 -06:00
contrib iwlwifi: prepare to support debugfs 2022-10-22 17:40:17 +00:00
crypto Fix the IV length in the armv8 AES GCM code 2022-09-06 13:11:04 +01:00
ddb Fix kernel build after 754cb545b6. 2022-10-04 17:13:17 +02:00
dev arm64: Hyper-V: fix couple more commit errors caused by duplicated lines 2022-10-24 08:14:25 +00:00
dts
fs tmpfs: report minimal hole size 2022-10-19 20:24:07 +03:00
gdb
geom geom_part: Check number of GPT entries and size of GPT entry 2022-10-18 11:03:02 -04:00
gnu
i386 Add vm_page_any_valid() 2022-10-19 20:24:07 +03:00
isa Adjust function definition in isa's pnp.c to avoid clang 15 warning 2022-07-27 21:13:59 +02:00
kern time(3): Fix spelling. 2022-10-23 18:42:11 +02:00
kgssapi
libkern arm: Remove unused ffs.S 2022-10-20 10:48:31 -06:00
modules iwlwifi: prepare to support debugfs 2022-10-22 17:40:17 +00:00
net bridge: default to not filtering L3 2022-10-24 08:52:21 +02:00
net80211 net80211: move IEEE80211_F_WME check to vap for consistency 2022-09-29 12:54:23 +00:00
netgraph Alter the prototype of qsort_r(3) to match POSIX, which adopted the 2022-09-30 15:26:30 -07:00
netinet tcp: ECN preparations for ECN++, AccECN (tcp_respond) 2022-10-20 21:48:27 +02:00
netinet6 carp: fix regression panic from ccd69bd573 2022-10-17 11:39:40 -07:00
netipsec tcp: remove INP_TIMEWAIT flag 2022-10-06 19:24:37 -07:00
netlink netlink: make it working without INET6 2022-10-04 14:39:49 -07:00
netpfil pf: fix LINT-NOINET6 build 2022-10-15 10:02:35 +02:00
netsmb
nfs
nfsclient
nfsserver
nlm
ofed ibcore: The use of IN_LOOPBACK() now requires a valid VNET context. 2022-09-23 13:42:03 +02:00
opencrypto opencrypto: mark INVARIANTS variables as __diagused 2022-08-10 15:35:29 -04:00
powerpc powerpc: slb_alloc_user_cache: fix missing uma_zalloc wait flag 2022-10-03 20:56:41 -03:00
riscv riscv: fix relocation handling for R_RISCV_64 2022-10-20 12:01:29 -03:00
rpc clnt_vc.c: Replace msleep() with pause() to avoid assert panic 2022-10-14 15:46:55 -07:00
security Bump MAC_VERSION to 5 2022-10-07 15:24:32 +00:00
sys time(3): Optimize tvtohz() function. 2022-10-23 10:04:50 +02:00
teken
tests
tools Make #if and #endif do what people expect in *_if.m 2022-10-06 14:35:31 +01:00
ufs Increase the maximum size of the journaled soft-updates journal. 2022-10-21 11:00:00 -07:00
vm uma: Never pass cache zones to memguard 2022-10-19 14:36:36 -04:00
x86 x86/busdma: Limit reserved pages if low nsegs 2022-10-21 22:47:33 -07:00
xdr
xen
Makefile