Date:      Mon, 28 Nov 2022 19:22:17 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 88e858e57c49 - main - pf: drop support for fragment crop|drop-ovl
Message-ID:  <202211281922.2ASJMHLD052061@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=88e858e57c499f996963bd92e5aac4bace3c4fd3

commit 88e858e57c499f996963bd92e5aac4bace3c4fd3
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-11-22 13:43:59 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-11-28 19:19:12 +0000

    pf: drop support for fragment crop|drop-ovl
    
    We removed the code for these modes back in 2015, but converted such
    configurations to 'scrub fragment reassemble'. It's been long enough,
    drop the backwards compatibility glue too.
    
    Reviewed by:    mjg
    MFC after:      never
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D37460
---
 UPDATING           | 5 +++++
 sbin/pfctl/parse.y | 6 +-----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/UPDATING b/UPDATING
index 3782692c2a49..564336295e7b 100644
--- a/UPDATING
+++ b/UPDATING
@@ -27,6 +27,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 14.x IS SLOW:
 	world, or to merely disable the most expensive debugging functionality
 	at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20221122:
+	pf no longer accepts 'scrub fragment crop' or 'scrub fragment drop-ovl'.
+	These configurations are no longer automatically reinterpreted as
+	'scrub fragment reassemble'.
+
 20221121:
 	The WITHOUT_CLANG_IS_CC option has been removed.  When Clang is enabled
 	it is always installed as /usr/bin/cc (and c++, cpp).
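
Review bot: the 20221122 entry says the two forms are no longer accepted but not what an operator should do about it. Suggest adding that a pf.conf still containing 'scrub fragment crop' or 'scrub fragment drop-ovl' will now fail to parse, and that those rules should be rewritten as 'scrub fragment reassemble' before upgrading, so nobody first learns of the change from a ruleset that does not load.
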
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 166cbae79087..6f9494828d53 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -492,7 +492,7 @@ int	parseport(char *, struct range *r, int);
 %token	ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
 %token	MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL
 %token	NOROUTE URPFFAILED FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE
-%token	REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
+%token	REASSEMBLE ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
 %token	SET OPTIMIZATION TIMEOUT LIMIT LOGINTERFACE BLOCKPOLICY FAILPOLICY
 %token	RANDOMID REQUIREORDER SYNPROXY FINGERPRINTS NOSYNC DEBUG SKIP HOSTID
 %token	ANTISPOOF FOR INCLUDE KEEPCOUNTERS SYNCOOKIES L3
@@ -1530,8 +1530,6 @@ scrub_opt	: NODF	{
 
 fragcache	: FRAGMENT REASSEMBLE		{ $$ = 0; /* default */ }
 		| FRAGMENT NO REASSEMBLE	{ $$ = PFRULE_FRAGMENT_NOREASS; }
-		| FRAGMENT FRAGCROP	{ $$ = 0; }
-		| FRAGMENT FRAGDROP	{ $$ = 0; }
 		;
 
 antispoof	: ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
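
Review bot: with the FRAGMENT FRAGCROP and FRAGMENT FRAGDROP alternatives removed from fragcache, an old rule no longer matches any production and the user gets only the parser's generic error. Both removed alternatives set $$ = 0, the same value as FRAGMENT REASSEMBLE, so a rule rewritten to 'reassemble' behaves as before; if a friendlier diagnostic is wanted, that would need an explicit error alternative here, otherwise the UPDATING text is the only place the replacement is named. The diffstat touches only UPDATING and sbin/pfctl/parse.y, so it is worth confirming that no man page or regression test still uses 'crop' or 'drop-ovl'.
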
@@ -6131,14 +6129,12 @@ lookup(char *s)
 		{ "cbq",		CBQ},
 		{ "code",		CODE},
 		{ "codelq",		CODEL},
-		{ "crop",		FRAGCROP},
 		{ "debug",		DEBUG},
 		{ "divert-reply",	DIVERTREPLY},
 		{ "divert-to",		DIVERTTO},
 		{ "dnpipe",		DNPIPE},
 		{ "dnqueue",		DNQUEUE},
 		{ "drop",		DROP},
-		{ "drop-ovl",		FRAGDROP},
 		{ "dup-to",		DUPTO},
 		{ "ether",		ETHER},
 		{ "fail-policy",	FAILPOLICY},
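
Review bot: dropping the "crop" and "drop-ovl" entries from the keyword table in lookup() means both words stop being pf.conf keywords altogether, not just inside a scrub rule. That is a slightly wider grammar change than the commit message describes, so a short mention in the commit message or in UPDATING would help. The surrounding entries ("codelq", "debug" and "drop", "dup-to") remain in alphabetical order after the removal.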
