CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Kristof Provost <kp@FreeBSD.org>
	Tue, 22 Nov 2022 13:23:27 +0000 (14:23 +0100)
committer	Kristof Provost <kp@FreeBSD.org>
	Mon, 28 Nov 2022 19:19:05 +0000 (20:19 +0100)
commit	57e047e51c6daf72912332bc95263084f4f0430c
tree	3aa68aa8e994fba038bbc84fdff5c9d94f2ed63c	tree \| snapshot
parent	ce9f36610ea9ff29d42a2bcfed44b020c2e56dcb	commit \| diff

pf: allow scrub rules without fragment reassemble

scrub rules have defaulted to handling fragments for a long time, but
since we removed "fragment crop" and "fragment drop-ovl" in 64b3b4d611
this has become less obvious and more expensive ("reassemble" being the
more expensive option, even if it's the one the vast majority of users
should be using).

Extend the 'scrub' syntax to allow fragment reassembly to be disabled,
while retaining the other scrub behaviour (e.g. TTL changes, random-id,
..) using 'scrub fragment no reassemble'.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D37459

sbin/pfctl/parse.y		diff \| blob \| history
sbin/pfctl/pfctl_parser.c		diff \| blob \| history
sbin/pfctl/tests/files/pf1011.in	[new file with mode: 0644]	blob
sbin/pfctl/tests/files/pf1011.ok	[new file with mode: 0644]	blob
sbin/pfctl/tests/files/pf1012.in	[new file with mode: 0644]	blob
sbin/pfctl/tests/files/pf1012.ok	[new file with mode: 0644]	blob
sbin/pfctl/tests/pfctl_test_list.inc		diff \| blob \| history
share/man/man5/pf.conf.5		diff \| blob \| history
sys/netpfil/pf/pf.h		diff \| blob \| history
sys/netpfil/pf/pf_norm.c		diff \| blob \| history