Add comment to the VLAN code about its integration with VIMAGE: we see what

the code is doing, we recognise the legitimacy of its goal, but we're not quite sure it's going about it the right way. More pondering is clearly required. Sponsored by: ADARA Networks, Inc. Discussed with: bz MFC after: 3 days
author: rwatson <rwatson@FreeBSD.org> 2012-01-05 11:24:22 +0000
committer: rwatson <rwatson@FreeBSD.org> 2012-01-05 11:24:22 +0000
commit: 628c91bb51e73fbc8cae061c156984dbc42cc436 (patch)
tree: ee4b4625f5f3aa29d11b04aaf4c07aafd4fee3f9 /sys/net
parent: 8952a0a413cffae99db7587034450cc04ca30726 (diff)
download: FreeBSD-src-628c91bb51e73fbc8cae061c156984dbc42cc436.zip
FreeBSD-src-628c91bb51e73fbc8cae061c156984dbc42cc436.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/net/if_vlan.c b/sys/net/if_vlan.c
index 7fea183..a226644 100644
--- a/sys/net/if_vlan.c
+++ b/sys/net/if_vlan.c
@@ -1597,6 +1597,13 @@ vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 
 	case SIOCSETVLAN:
 #ifdef VIMAGE
+		/*
+		 * XXXRW/XXXBZ: The goal in these checks is to allow a VLAN
+		 * interface to be delegated to a jail without allowing the
+		 * jail to change what underlying interface/VID it is
+		 * associated with.  We are not entirely convinced that this
+		 * is the right way to accomplish that goal policy goal.
+		 */
 		if (ifp->if_vnet != ifp->if_home_vnet) {
 			error = EPERM;
 			break;
author	rwatson <rwatson@FreeBSD.org>	2012-01-05 11:24:22 +0000
committer	rwatson <rwatson@FreeBSD.org>	2012-01-05 11:24:22 +0000
commit	628c91bb51e73fbc8cae061c156984dbc42cc436 (patch)
tree	ee4b4625f5f3aa29d11b04aaf4c07aafd4fee3f9 /sys/net
parent	8952a0a413cffae99db7587034450cc04ca30726 (diff)
download	FreeBSD-src-628c91bb51e73fbc8cae061c156984dbc42cc436.zip FreeBSD-src-628c91bb51e73fbc8cae061c156984dbc42cc436.tar.gz