Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-9]: src/usr.sbin/npf Pull up following revision(s) (requested by ...

details:   https://anonhg.NetBSD.org/src/rev/3b1ddb79e899
branches:  netbsd-9
changeset: 373897:3b1ddb79e899
user:      martin <martin%NetBSD.org@localhost>
date:      Tue Mar 14 17:04:51 2023 +0000

description:
Pull up following revision(s) (requested by kardel in ticket #1612):

        usr.sbin/npf/npf-params.7: revision 1.9
        sys/net/npf/npf_params.c: revision 1.6

PR kern/55654:

Switch default for parameter npf ip4.reassembly to 1.

This makes the NPF default configuration comply with host
requirements for IPv4.

diffstat:

 sys/net/npf/npf_params.c  |  4 ++--
 usr.sbin/npf/npf-params.7 |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (45 lines):

diff -r dc27349e1dbb -r 3b1ddb79e899 sys/net/npf/npf_params.c
--- a/sys/net/npf/npf_params.c  Mon Mar 13 21:38:46 2023 +0000
+++ b/sys/net/npf/npf_params.c  Tue Mar 14 17:04:51 2023 +0000
@@ -26,7 +26,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_params.c,v 1.1.2.2 2020/06/20 15:46:48 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_params.c,v 1.1.2.3 2023/03/14 17:04:51 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -56,7 +56,7 @@
                {
                        "ip4.reassembly",
                        &npf->ip4_reassembly,
-                       .default_val = 0, // false
+                       .default_val = 1, // true - host requirements
                        .min = 0, .max = 1
                },
                {
diff -r dc27349e1dbb -r 3b1ddb79e899 usr.sbin/npf/npf-params.7
--- a/usr.sbin/npf/npf-params.7 Mon Mar 13 21:38:46 2023 +0000
+++ b/usr.sbin/npf/npf-params.7 Tue Mar 14 17:04:51 2023 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: npf-params.7,v 1.2.2.2 2020/06/20 15:46:47 martin Exp $
+.\" $NetBSD: npf-params.7,v 1.2.2.3 2023/03/14 17:04:51 martin Exp $
 .\"
 .\" Copyright (c) 2019 Mindaugas Rasiukevicius <rmind at netbsd org>
 .\" All rights reserved.
@@ -60,11 +60,11 @@
 .It Li ip4.reassembly
 Perform IPv4 reassembly before inspecting the packet.
 Fragmentation is considered very harmful, so most networks are expected
-to prevent it; therefore, reassembly is disabled by default.
+to prevent it; reassembly is enabled by default.
 However, while the packet should generally be reassembled at the receiver,
-reassembly by the packet filter might be necessary in order to perform state
+reassembly by the packet filter may be necessary in order to perform state
 tracking.
-Default: 0.
+Default: 1.
 .It Li ip6.reassembly
 Perform IPv6 reassembly before inspecting the packet.
 Discouraged in general but not prohibited by RFC 8200.
Home | Main Index | Thread Index | Old Index