Diffusion FreeBSD src repository d43ac3b76ef7

bridge: Make 802.1ad (Q-in-Q) configurable
d43ac3b76ef7
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

bridge: Make 802.1ad (Q-in-Q) configurable

Allowing tag stacking by default can permit VLAN-hopping attacks in
certain configurations. To mitigate this, disallow sending Q-in-Q
frames by default unless the new "qinq" option is enabled on the
interface. The bridge flag "defqinq" can be used to restore the
previous behaviour of allowing Q-in-Q on all interfaces.

The bridge.4 changes from the differential are omitted here and
will be landed via D51185.

Reviewed by: kevans, pauamma_gundo.com (manpages)
Differential Revision: https://reviews.freebsd.org/D51227

Details

Provenance

ivy	Authored on Aug 5 2025, 5:43 PM

Reviewer

Differential Revision

D51227: bridge: make 802.1ad (Q-in-Q) configurable

Parents

rGd1bcdbd2470f: libutil++: Add package definition

Branches

Unknown

Tags

Unknown

Event Timeline

ivy committed rGd43ac3b76ef7: bridge: Make 802.1ad (Q-in-Q) configurable (authored by ivy).Aug 5 2025, 6:34 PM

ivy added an edge: D51227: bridge: make 802.1ad (Q-in-Q) configurable.Aug 5 2025, 7:26 PM

Changes (5)

Path

Size

sbin/

ifconfig/

sys/

net/

tests/

sys/

net/

if_bridge_test.sh

rGd43ac3b76ef7

sbin/ifconfig/ifbridge.c

Loading...

sbin/ifconfig/ifconfig.8

Loading...

sys/net/if_bridge.c

Loading...

sys/net/if_bridgevar.h

Loading...

tests/sys/net/if_bridge_test.sh

Loading...