Re: CVS commit: src/sys/net/npf

To: Emmanuel <joe%netbsd.org@localhost>
Subject: Re: CVS commit: src/sys/net/npf
From: Christoph Badura <bad%bsd.de@localhost>
Date: Tue, 8 Jul 2025 19:30:12 +0200

On Tue, Jul 08, 2025 at 03:56:23PM +0000, Emmanuel wrote:
> Module Name:	src
> Committed By:	joe
> Date:		Tue Jul  8 15:56:23 UTC 2025
> 
> Modified Files:
> 	src/sys/net/npf: npf_handler.c
> 
> Log Message:
> Pass frames directly when no layer 2 rules are set
> 
> NPF's original implementation of default pass is to block. i.e if the packet matches absolutely
> no rule even the default group. we cannot use that in layer 2 as well since all frames will be
> blocked when no rules are set for layer 2 and that would not be good. since NPF is primarily
> a layer 3 filter.

How could this have escape testing?  All the npf tests should have failed if
your description is correct.

--chris

Prev by Date: Re: CVS commit: src/external/mit/xorg/lib/libXfont
Next by Date: Re: CVS commit: src/external/mit/xorg/lib/libXfont
Previous by Thread: Re: CVS commit: src/external/mit/xorg/lib/libXfont
Next by Thread: Re: CVS commit: src/external/mit/xorg/lib/libXfont
Indexes:

Home | Main Index | Thread Index | Old Index