CVS commit: src

Sun, 12 Feb 2023 05:21:37 -0800 

Module Name:    src
Committed By:   kardel
Date:           Sun Feb 12 13:21:28 UTC 2023

Modified Files:
        src/sys/net/npf: npf_params.c
        src/usr.sbin/npf: npf-params.7

Log Message:
PR kern/55654:
Switch default for parameter npf ip4.reassembly to 1.
This makes the NPF default configuration comply with host
requirements for IPv4.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/sys/net/npf/npf_params.c
cvs rdiff -u -r1.8 -r1.9 src/usr.sbin/npf/npf-params.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/net/npf/npf_params.c
diff -u src/sys/net/npf/npf_params.c:1.5 src/sys/net/npf/npf_params.c:1.6
--- src/sys/net/npf/npf_params.c:1.5	Thu Apr 28 17:28:15 2022
+++ src/sys/net/npf/npf_params.c	Sun Feb 12 13:21:28 2023
@@ -26,7 +26,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_params.c,v 1.5 2022/04/28 17:28:15 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_params.c,v 1.6 2023/02/12 13:21:28 kardel Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -56,7 +56,7 @@ npf_param_general_register(npf_t *npf)
 		{
 			"ip4.reassembly",
 			&npf->ip4_reassembly,
-			.default_val = 0, // false
+			.default_val = 1, // true - host requirements
 			.min = 0, .max = 1
 		},
 		{

Index: src/usr.sbin/npf/npf-params.7
diff -u src/usr.sbin/npf/npf-params.7:1.8 src/usr.sbin/npf/npf-params.7:1.9
--- src/usr.sbin/npf/npf-params.7:1.8	Thu Dec 17 05:33:06 2020
+++ src/usr.sbin/npf/npf-params.7	Sun Feb 12 13:21:28 2023
@@ -1,4 +1,4 @@
-.\" $NetBSD: npf-params.7,v 1.8 2020/12/17 05:33:06 taca Exp $
+.\" $NetBSD: npf-params.7,v 1.9 2023/02/12 13:21:28 kardel Exp $
 .\"
 .\" Copyright (c) 2019 Mindaugas Rasiukevicius <rmind at netbsd org>
 .\" All rights reserved.
@@ -60,11 +60,11 @@ Default: 1.
 .It Li ip4.reassembly
 Perform IPv4 reassembly before inspecting the packet.
 Fragmentation is considered very harmful, so most networks are expected
-to prevent it; therefore, reassembly is disabled by default.
+to prevent it; reassembly is enabled by default.
 However, while the packet should generally be reassembled at the receiver,
-reassembly by the packet filter might be necessary in order to perform state
+reassembly by the packet filter may be necessary in order to perform state
 tracking.
-Default: 0.
+Default: 1.
 .It Li ip6.reassembly
 Perform IPv6 reassembly before inspecting the packet.
 Discouraged in general but not prohibited by RFC 8200.

Reply via email to