Page MenuHomeFreeBSD

if_bridge(4): Complete bpf auditing of local traffic over the bridge
ClosedPublic

Authored by kevans on Mar 29 2019, 7:17 PM.

Details

Summary

There were two remaining "gaps" in auditing local bridge traffic with bpf(4):

Locally originated outbound traffic from a member interface is invisible to the bridge's bpf(4) interface. Inbound traffic locally destined to a member interface is invisible to the member's bpf(4) interface.

I call these "gaps" because they don't affect conventional bridge setups. Alas, being able to establish an audit trail of all locally destined traffic for setups that can function like this is surely not a bad thing.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

kevans created this revision.Mar 29 2019, 7:17 PM
kristof accepted this revision.Mar 30 2019, 4:53 PM
This revision is now accepted and ready to land.Mar 30 2019, 4:53 PM
This revision was automatically updated to reflect the committed changes.