Module Name: src
Committed By: martin
Date: Tue Mar 14 17:04:51 UTC 2023

Modified Files:
    src/sys/net/npf [netbsd-9]: npf_params.c
    src/usr.sbin/npf [netbsd-9]: npf-params.7

Log Message:
Pull up following revision(s) (requested by kardel in ticket #1612):
    usr.sbin/npf/npf-params.7: revision 1.9
    sys/net/npf/npf_params.c: revision 1.6

PR kern/55654: Switch default for parameter npf ip4.reassembly to 1.
This makes the NPF default configuration comply with host requirements for IPv4.

To generate a diff of this commit:
cvs rdiff -u -r1.1.2.2 -r1.1.2.3 src/sys/net/npf/npf_params.c
cvs rdiff -u -r1.2.2.2 -r1.2.2.3 src/usr.sbin/npf/npf-params.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: src/sys/net/npf/npf_params.c diff -u src/sys/net/npf/npf_params.c:1.1.2.2 src/sys/net/npf/npf_params.c:1.1.2.3 --- src/sys/net/npf/npf_params.c:1.1.2.2 Sat Jun 20 15:46:48 2020 +++ src/sys/net/npf/npf_params.c Tue Mar 14 17:04:51 2023 @@ -26,7 +26,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_params.c,v 1.1.2.2 2020/06/20 15:46:48 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_params.c,v 1.1.2.3 2023/03/14 17:04:51 martin Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -56,7 +56,7 @@ npf_param_general_register(npf_t *npf) { "ip4.reassembly", &npf->ip4_reassembly, - .default_val = 0, // false + .default_val = 1, // true - host requirements .min = 0, .max = 1 }, { Index: src/usr.sbin/npf/npf-params.7 diff -u src/usr.sbin/npf/npf-params.7:1.2.2.2 src/usr.sbin/npf/npf-params.7:1.2.2.3 --- src/usr.sbin/npf/npf-params.7:1.2.2.2 Sat Jun 20 15:46:47 2020 +++ src/usr.sbin/npf/npf-params.7 Tue Mar 14 17:04:51 2023 @@ -1,4 +1,4 @@ -.\" $NetBSD: npf-params.7,v 1.2.2.2 2020/06/20 15:46:47 martin Exp $ +.\" $NetBSD: npf-params.7,v 1.2.2.3 2023/03/14 17:04:51 martin Exp $ .\" .\" Copyright (c) 2019 Mindaugas Rasiukevicius <rmind at netbsd org> .\" All rights reserved. @@ -60,11 +60,11 @@ Default: 1. .It Li ip4.reassembly Perform IPv4 reassembly before inspecting the packet. Fragmentation is considered very harmful, so most networks are expected -to prevent it; therefore, reassembly is disabled by default. +to prevent it; reassembly is enabled by default. However, while the packet should generally be reassembled at the receiver, -reassembly by the packet filter might be necessary in order to perform state +reassembly by the packet filter may be necessary in order to perform state tracking. -Default: 0. +Default: 1. .It Li ip6.reassembly Perform IPv6 reassembly before inspecting the packet. Discouraged in general but not prohibited by RFC 8200.
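
Review bot: In src/sys/net/npf/npf_params.c, hunk @@ -56,7 +56,7 @@, the new comment on `.default_val = 1, // true - host requirements` does not say which requirement it refers to. Suggest naming the document, or at least PR kern/55654, in that comment so the reason for the default survives without the commit log. Because this flips the default on the netbsd-9 branch, a configuration that never sets ip4.reassembly will begin reassembling IPv4 fragments before inspection once the change lands, which deserves a line in the release notes for the branch.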
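
Review bot: In src/usr.sbin/npf/npf-params.7, hunk @@ -60,11 +60,11 @@, the ip4.reassembly paragraph no longer reads consistently. "Fragmentation is considered very harmful, so most networks are expected to prevent it; reassembly is enabled by default." keeps the rationale that used to justify leaving reassembly off and then states the opposite outcome, and the following "However, while the packet should generally be reassembled at the receiver, ..." sentence now has nothing to contrast with. Suggest rewording the paragraph so it gives the reason for the new default (the log message cites IPv4 host requirements, and the text already mentions state tracking) and dropping the "However".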