On 2011/09/08 17:32, Steffen Wendzel wrote:
> On Thursday, 08.09.2011, 16:20 +0100, Stuart Henderson wrote:
> > On 2011/09/08 13:00, Steffen Wendzel wrote:
> > > Final patch:
> > >
> > > Index: pf_norm.c
> > > ===================================================================
> > > RCS file: /cvs/src/sys/net/pf_norm.c,v
> > > retrieving revision 1.140
> > > diff -u -p -r1.140 pf_norm.c
> > > --- pf_norm.c 18 Jul 2011 21:03:10 -0000 1.140
> > > +++ pf_norm.c 8 Sep 2011 10:02:37 -0000
> > > @@ -1454,4 +1454,7 @@ pf_scrub(struct mbuf *m, u_int16_t flags
> > > if (flags & PFSTATE_RANDOMID && af == AF_INET &&
> > > !(h->ip_off & ~htons(IP_DF)))
> > > h->ip_id = htons(ip_randomid());
> > > +
> > > + /* clear IP reserved flag */
> > > + h->off &= ~htons(IP_RF);
> > > }
> >
> > IMO, this should have a flag and config variable associated with it.
> >
>
> I don't think so since similar features are not linked to config
> variables. Most of these tiny features are not even mentioned in the
> manpage.
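Review bot: the added line `h->off &= ~htons(IP_RF);` names a member `off`, but `struct ip` has no such member; the context line two lines above addresses the same field as `h->ip_off`, so the statement should read `h->ip_off &= ~htons(IP_RF);` or it will not compile. The new statement also lands after the `if (flags & PFSTATE_RANDOMID && af == AF_INET && ...)` block rather than inside an address-family check, so unlike the `ip_id` randomization it runs for every packet whatever `af` is, and for any address family other than AF_INET `h` is not an IPv4 header; guard it with `af == AF_INET`, and, following the `PFSTATE_RANDOMID` pattern already used here, with a per-rule flag so the behaviour is selectable from the scrub options rather than applied unconditionally.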
By definition you don't know what this is or may be used for; this might break something. Features like set-tos, no-df, etc. have config variables. The tos bits could be used as a side channel too; we certainly don't want to unilaterally clear them.
