cvs commit: src/sys/netinet ip_input.c

Max Laier max at love2party.net
Fri Sep 24 05:51:57 PDT 2004


On Friday 24 September 2004 14:18, Maxim Konovalov wrote:
> maxim       2004-09-24 12:18:41 UTC
>
>   FreeBSD src repository
>
>   Modified files:
>     sys/netinet          ip_input.c
>   Log:
>   o Turn net.inet.ip.check_interface sysctl off by default.
>
>   When net.inet.ip.check_interface was MFCed to RELENG_4 3+ years ago in
>   rev. 1.130.2.17 ip_input.c it was 1 by default but shortly changed to
>   0 (accidently?) in rev. 1.130.2.20 in RELENG_4 only.  Among with the
>   fact this knob is not documented it breaks POLA especially in bridge
>   environment.
>
>   OK'ed by:       andre
>   Reviewed by:    -current

Can we have a plan to move towards turning it on again? For RELENG_6 the 
latest. This check is useful and we should have the code exposed by default 
so that new code does not break the assumption. The documentation issue has 
to be resolved, of course.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20040924/3cdebae0/attachment.bin


More information about the cvs-src mailing list