Diffusion FreeBSD src repository 57e047e51c6d

pf: allow scrub rules without fragment reassemble
57e047e51c6d
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

pf: allow scrub rules without fragment reassemble

scrub rules have defaulted to handling fragments for a long time, but
since we removed "fragment crop" and "fragment drop-ovl" in 64b3b4d611
this has become less obvious and more expensive ("reassemble" being the
more expensive option, even if it's the one the vast majority of users
should be using).

Extend the 'scrub' syntax to allow fragment reassembly to be disabled,
while retaining the other scrub behaviour (e.g. TTL changes, random-id,
..) using 'scrub fragment no reassemble'.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D37459

Details

Provenance

kp	Authored on Nov 22 2022, 1:23 PM

Differential Revision

D37459: pf: allow scrub rules without fragment reassemble

Parents

rGce9f36610ea9: LinuxKPI: SKB: implement skb_peek()

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rG57e047e51c6d: pf: allow scrub rules without fragment reassemble (authored by kp).Nov 28 2022, 7:19 PM

kp added an edge: D37459: pf: allow scrub rules without fragment reassemble.Nov 28 2022, 7:23 PM

Changes (10)

Path

Size

sbin/

pfctl/

tests/

files/

pfctl_test_list.inc

share/

man/

man5/

sys/

netpfil/

pf/

rG57e047e51c6d

sbin/pfctl/parse.y

Loading...

sbin/pfctl/pfctl_parser.c

Loading...

sbin/pfctl/tests/files/pf1011.in

Loading...

sbin/pfctl/tests/files/pf1011.ok

Loading...

sbin/pfctl/tests/files/pf1012.in

Loading...

sbin/pfctl/tests/files/pf1012.ok

Loading...

sbin/pfctl/tests/pfctl_test_list.inc

Loading...

share/man/man5/pf.conf.5

Loading...

sys/netpfil/pf/pf.h

Loading...

sys/netpfil/pf/pf_norm.c

Loading...