pf: Remove support for 'scrub fragment crop|drop-ovl'
ClosedPublic
Actions

Authored by kp on Aug 23 2015, 2:45 PM.

Details

Reviewers

eri
gnn

Group Reviewers

network
manpages

Commits

rS287222: pf: Remove support for 'scrub fragment crop|drop-ovl'

Summary

The crop/drop-ovl fragment scrub modes are not very useful and likely to confuse
users into making poor choices.
It's also a fairly large amount of complex code, so just remove the support
altogether.

Users who have 'scrub fragment crop|drop-ovl' in their pf configuration will be
implicitly converted to 'scrub fragment reassemble'.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kp updated this revision to Diff 8143.Aug 23 2015, 2:45 PM

kp retitled this revision from to pf: Remove support for 'scrub fragment crop|drop-ovl'.

kp updated this object.

kp edited the test plan for this revision. (Show Details)

kp set the repository for this revision to rS FreeBSD src repository - subversion.

Herald added a reviewer: manpages. · View Herald TranscriptAug 23 2015, 2:45 PM

Herald added a subscriber: imp. · View Herald Transcript

kp added a reviewer: network.Aug 25 2015, 1:20 PM

It looks good in general, though I do not like automatic conversion in such case.
Just put in the commit as part of release notes and people need to be fully aware of the change.
Whoever used these options i am certain had their reasons so they should be aware of the change.

sys/netpfil/pf/pf_norm.c
434 ↗	(On Diff #8143)	Is this necessary to be removed?
935 ↗	(On Diff #8143)	Wouldn't be better to rewrite this completely to merged drop and bad together?