Details

Reviewers

emaste
markj
glebius

Commits

rG55ea321fe65e: ipfilter: Disable ipfs(8) by default
rG91de9b501aa7: ipfilter: Disable ipfs(8) by default
rGa85c3ef7d801: ipfilter: Disable ipfs(8) by default
rG0ff0c19e7f70: ipfilter: Disable ipfs(8) by default

Summary

At the moment ipfs(8) is a tool that can be easily abused. Though the
concept is sound the implementation needs some work.

ipfs(8) should be considered experimental at the moment.

This commit also makes ipfs support in the kernel optional.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

cy created this revision.Nov 17 2025, 2:41 PM

Herald added subscribers: vegeta_tuxpowered.net, melifaro, imp, bdrewery. · View Herald TranscriptNov 17 2025, 2:41 PM

cy requested review of this revision.Nov 17 2025, 2:41 PM

Harbormaster completed remote builds in B68686: Diff 166562.Nov 17 2025, 2:41 PM

emaste added inline comments.Nov 17 2025, 3:16 PM

sys/conf/NOTES
1049
sys/conf/options
109	in opt_ipfilter.h?

cy added inline comments.Nov 17 2025, 5:25 PM

sys/conf/NOTES
1049	Sounds fair enough.

This looks ok to me with Ed's suggestion applied.

In D53787#1228857, @markj wrote:

This looks ok to me with Ed's suggestion applied.

Ed's suggestion has been applied locally. The revision has also been updated (locally) to also include ip_state. It makes no sense to do this in two commits.

This update incorporates Ed's suggestion. Instead of an additional
commit to conditionally remove ipfs(8) from ip_state.c we do it here
as well.

Harbormaster completed remote builds in B68768: Diff 166851.Nov 20 2025, 2:59 PM

Looks good to me aside from the comment.

share/mk/src.opts.mk
212	I'd suggest calling this IPFILTER_IPFS, since IPFS on its own is a bit terse and the acronym has at least one unrelated meaning (albeit outside of FreeBSD).