CVS commit: [netbsd-10] src

[Martin Husemann]

Module Name:    src
Committed By:   martin
Date:           Tue Mar 14 17:02:58 UTC 2023

Modified Files:
        src/sys/net/npf [netbsd-10]: npf_params.c
        src/usr.sbin/npf [netbsd-10]: npf-params.7

Log Message:
Pull up following revision(s) (requested by kardel in ticket #118):

        usr.sbin/npf/npf-params.7: revision 1.9
        sys/net/npf/npf_params.c: revision 1.6

PR kern/55654:

Switch default for parameter npf ip4.reassembly to 1.

This makes the NPF default configuration comply with host
requirements for IPv4.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.5.4.1 src/sys/net/npf/npf_params.c
cvs rdiff -u -r1.8 -r1.8.6.1 src/usr.sbin/npf/npf-params.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/net/npf/npf_params.c
diff -u src/sys/net/npf/npf_params.c:1.5 src/sys/net/npf/npf_params.c:1.5.4.1
--- src/sys/net/npf/npf_params.c:1.5	Thu Apr 28 17:28:15 2022
+++ src/sys/net/npf/npf_params.c	Tue Mar 14 17:02:58 2023
@@ -26,7 +26,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_params.c,v 1.5 2022/04/28 17:28:15 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_params.c,v 1.5.4.1 2023/03/14 17:02:58 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -56,7 +56,7 @@ npf_param_general_register(npf_t *npf)
 		{
 			"ip4.reassembly",
 			&npf->ip4_reassembly,
-			.default_val = 0, // false
+			.default_val = 1, // true - host requirements
 			.min = 0, .max = 1
 		},
 		{

Index: src/usr.sbin/npf/npf-params.7
diff -u src/usr.sbin/npf/npf-params.7:1.8 src/usr.sbin/npf/npf-params.7:1.8.6.1
--- src/usr.sbin/npf/npf-params.7:1.8	Thu Dec 17 05:33:06 2020
+++ src/usr.sbin/npf/npf-params.7	Tue Mar 14 17:02:57 2023
@@ -1,4 +1,4 @@
-.\" $NetBSD: npf-params.7,v 1.8 2020/12/17 05:33:06 taca Exp $
+.\" $NetBSD: npf-params.7,v 1.8.6.1 2023/03/14 17:02:57 martin Exp $
 .\"
 .\" Copyright (c) 2019 Mindaugas Rasiukevicius <rmind at netbsd org>
 .\" All rights reserved.
@@ -60,11 +60,11 @@ Default: 1.
 .It Li ip4.reassembly
 Perform IPv4 reassembly before inspecting the packet.
 Fragmentation is considered very harmful, so most networks are expected
-to prevent it; therefore, reassembly is disabled by default.
+to prevent it; reassembly is enabled by default.
 However, while the packet should generally be reassembled at the receiver,
-reassembly by the packet filter might be necessary in order to perform state
+reassembly by the packet filter may be necessary in order to perform state
 tracking.
-Default: 0.
+Default: 1.
 .It Li ip6.reassembly
 Perform IPv6 reassembly before inspecting the packet.
 Discouraged in general but not prohibited by RFC 8200.