freebsd-skq/sys/net
Kyle Evans d8b985430c if_bridge(4): Complete bpf auditing of local traffic over the bridge
There were two remaining "gaps" in auditing local bridge traffic with
bpf(4):

Locally originated outbound traffic from a member interface is invisible to
the bridge's bpf(4) interface. Inbound traffic locally destined to a member
interface is invisible to the member's bpf(4) interface -- this traffic has
no chance after bridge_input to otherwise pass it over, and it wasn't
originally received on this interface.

I call these "gaps" because they don't affect conventional bridge setups.
Alas, being able to establish an audit trail of all locally destined traffic
for setups that can function like this is useful in some scenarios.

Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D19757
2019-05-29 01:08:30 +00:00
..
altq Reduce the time it takes the kernel to install a new PF config containing a large number of queues 2019-02-11 05:17:31 +00:00
bpf_buffer.c Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
bpf_buffer.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
bpf_filter.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
bpf_jitter.c Make UMA and malloc(9) return non-executable memory in most cases. 2018-06-13 17:04:41 +00:00
bpf_jitter.h Make UMA and malloc(9) return non-executable memory in most cases. 2018-06-13 17:04:41 +00:00
bpf_zerocopy.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
bpf_zerocopy.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
bpf.c Rework r348303 to reduce the time of holding global BPF lock. 2019-05-28 11:45:00 +00:00
bpf.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
bpfdesc.h Rework locking in BPF code to remove rwlock from fast path. 2019-05-13 13:45:28 +00:00
bridgestp.c bridge: Fix panic if the STP root is removed 2019-03-15 11:21:20 +00:00
bridgestp.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
dlt.h Re-apply r190640. 2018-05-31 09:11:21 +00:00
ethernet.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
firewire.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ieee8023ad_lacp.c Select lacp egress ports based on NUMA domain 2019-05-03 14:43:21 +00:00
ieee8023ad_lacp.h Select lacp egress ports based on NUMA domain 2019-05-03 14:43:21 +00:00
ieee_oui.h net: adjust randomized address bits 2019-04-17 17:18:43 +00:00
if_arp.h Improve ARP logging. 2019-03-09 01:12:59 +00:00
if_bridge.c if_bridge(4): Complete bpf auditing of local traffic over the bridge 2019-05-29 01:08:30 +00:00
if_bridgevar.h Allow different bridge types to coexist 2018-05-11 05:00:40 +00:00
if_clone.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_clone.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_dead.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
if_debug.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
if_disc.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_dl.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
if_edsc.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_enc.c New pfil(9) KPI together with newborn pfil API and control utility. 2019-01-31 23:01:03 +00:00
if_enc.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
if_epair.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_ethersubr.c Restructure mbuf send tags to provide stronger guarantees. 2019-05-24 22:30:40 +00:00
if_fwsubr.c Improve copy-and-pasted versions of SIOCGIFADDR. 2018-03-27 20:51:49 +00:00
if_gif.c Add handling for appearing/disappearing of ingress addresses to if_gif(4). 2018-10-21 18:06:15 +00:00
if_gif.h Add handling for appearing/disappearing of ingress addresses to if_gif(4). 2018-10-21 18:06:15 +00:00
if_gre.c Add GRE-in-UDP encapsulation support as defined in RFC8086. 2019-04-24 09:05:45 +00:00
if_gre.h Add GRE-in-UDP encapsulation support as defined in RFC8086. 2019-04-24 09:05:45 +00:00
if_ipsec.c Allow configuration of several ipsec interfaces with the same tunnel 2018-11-16 14:21:57 +00:00
if_ipsec.h
if_lagg.c Restructure mbuf send tags to provide stronger guarantees. 2019-05-24 22:30:40 +00:00
if_lagg.h Select lacp egress ports based on NUMA domain 2019-05-03 14:43:21 +00:00
if_llatbl.c Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_llatbl.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_llc.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
if_loop.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_me.c Add the check that current VNET is ready and access to srchash is allowed. 2018-10-23 13:11:45 +00:00
if_media.c Finish removing FDDI and tokenring media support. 2018-04-23 21:10:33 +00:00
if_media.h if_media: Add new 2.5G/5G/25G/40G/50G/100G/200G/400G media types 2018-08-22 18:19:56 +00:00
if_mib.c
if_mib.h
if_pflog.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
if_pfsync.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
if_sppp.h
if_spppfr.c
if_spppsubr.c Replace read_random(9) with more appropriate arc4rand(9) KPIs 2019-04-04 01:02:50 +00:00
if_stf.c Do not perform DAD on stf(4) interfaces. 2019-03-30 18:00:44 +00:00
if_tap.h tun/tap: merge and rename to tuntap 2019-05-08 02:32:11 +00:00
if_tun.h
if_tuntap.c Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_types.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
if_var.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_vlan_var.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_vlan.c Restructure mbuf send tags to provide stronger guarantees. 2019-05-24 22:30:40 +00:00
if_vxlan.c net: adjust randomized address bits 2019-04-17 17:18:43 +00:00
if_vxlan.h Add support for IPv6 scoped addresses to vxlan 2017-12-30 04:03:53 +00:00
if.c Restructure mbuf send tags to provide stronger guarantees. 2019-05-24 22:30:40 +00:00
if.h Plug routing sysctl leaks. 2018-11-26 13:42:18 +00:00
ifdi_if.m iflib(9): Add support for cloning pseudo interfaces 2018-05-11 20:08:28 +00:00
iflib_clone.c - Remove the unused ifc_link_irq and ifc_mtx_name members of struct iflib_ctx. 2019-05-06 20:56:41 +00:00
iflib_private.h Use busdma unconditionally in iflib 2018-11-27 20:01:05 +00:00
iflib.c iflib: use default ntxd and nrxd when user value is not power of 2 2019-05-10 00:41:42 +00:00
iflib.h - Remove the unused ifc_link_irq and ifc_mtx_name members of struct iflib_ctx. 2019-05-06 20:56:41 +00:00
ifq.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
mp_ring.c - Merge r338254 from cxgbe(4): 2019-05-09 11:34:46 +00:00
mp_ring.h mp_ring: avoid items offset difference between iflib and mp_ring 2019-01-03 23:06:05 +00:00
mppc.h
mppcc.c
mppcd.c
netisr_internal.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
netisr.c Restructure mbuf send tags to provide stronger guarantees. 2019-05-24 22:30:40 +00:00
netisr.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
netmap_legacy.h netmap: add support for multiple host rings 2019-03-18 12:22:23 +00:00
netmap_user.h netmap: add support for multiple host rings 2019-03-18 12:22:23 +00:00
netmap_virt.h netmap: align codebase to the current upstream (760279cfb2730a585) 2018-12-05 11:57:16 +00:00
netmap.h netmap: add support for multiple host rings 2019-03-18 12:22:23 +00:00
paravirt.h
pfil.c Most Ethernet drivers that potentially can run a pfil(9) hook with 2019-03-10 17:20:09 +00:00
pfil.h Most Ethernet drivers that potentially can run a pfil(9) hook with 2019-03-10 17:20:09 +00:00
pfkeyv2.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
pfvar.h pf :Use counter(9) in pf tables. 2019-03-15 11:08:44 +00:00
ppp_defs.h
radix_mpath.c Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9). 2018-06-16 08:26:23 +00:00
radix_mpath.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
radix.c Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9). 2018-06-16 08:26:23 +00:00
radix.h Fix typo. 2018-06-16 19:21:09 +00:00
raw_cb.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
raw_cb.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
raw_usrreq.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
rndis.h rndis: Add LINK_SPEED_CHANGE status 2017-07-24 03:59:50 +00:00
route_var.h Existense of PCB route caching doesn't allow us to use new fast route 2019-05-08 23:39:24 +00:00
route.c Fix gateway setup for the interface routes. 2019-05-22 21:20:15 +00:00
route.h Existense of PCB route caching doesn't allow us to use new fast route 2019-05-08 23:39:24 +00:00
rss_config.c rss: Remove never defined UDP_IPV4_EX 2017-10-11 06:08:01 +00:00
rss_config.h rss: Remove never defined UDP_IPV4_EX 2017-10-11 06:08:01 +00:00
rtsock.c When sending a routing message, don't allow the user to set the 2019-04-14 10:18:14 +00:00
sff8436.h
sff8472.h ifconfig(8): Display extended compliance code string for SFP transceivers 2017-12-05 18:42:07 +00:00
slcompress.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
slcompress.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
toeplitz.c
toeplitz.h
vnet.c With more excessive use of modules, more kernel parts working with 2018-10-30 20:45:15 +00:00
vnet.h Don't mark module data as static on RISC-V. 2018-09-12 08:05:33 +00:00