From 080f22c0dc544e498e57ad281a9de063fa839957 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 13 Sep 2006 21:13:54 -0700 Subject: [PATCH] [NET]: Mark frame diverter for future removal. The code for frame diverter is unmaintained and has bitrotted. The number of users is very small and the code has lots of problems. If anyone is using it, they maybe exposing themselves to bad packet attacks. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller --- Documentation/feature-removal-schedule.txt | 13 +++++++++++++ net/Kconfig | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt index d1cd5f93e028..552507fe9a7e 100644 --- a/Documentation/feature-removal-schedule.txt +++ b/Documentation/feature-removal-schedule.txt @@ -281,3 +281,16 @@ Why: The deferred output hooks are a layering violation causing unusual Who: Patrick McHardy --------------------------- + +What: frame diverter +When: November 2006 +Why: The frame diverter is included in most distribution kernels, but is + broken. It does not correctly handle many things: + - IPV6 + - non-linear skb's + - network device RCU on removal + - input frames not correctly checked for protocol errors + It also adds allocation overhead even if not enabled. + It is not clear if anyone is still using it. +Who: Stephen Hemminger + diff --git a/net/Kconfig b/net/Kconfig index c6cec5aa5486..4959a4e1e0fe 100644 --- a/net/Kconfig +++ b/net/Kconfig @@ -177,7 +177,7 @@ source "net/lapb/Kconfig" config NET_DIVERT bool "Frame Diverter (EXPERIMENTAL)" - depends on EXPERIMENTAL + depends on EXPERIMENTAL && BROKEN ---help--- The Frame Diverter allows you to divert packets from the network, that are not aimed at the interface receiving it (in