mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-06 16:40:47 +00:00
pf: drop support for fragment crop|drop-ovl
We removed the code for these modes back in 2015, but converted such configurations to 'scrub fragment reassemble'. It's been long enough, drop the backwards compatibility glue too. Reviewed by: mjg MFC after: never Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37460
This commit is contained in:
parent
57e047e51c
commit
88e858e57c
5
UPDATING
5
UPDATING
|
@ -27,6 +27,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 14.x IS SLOW:
|
||||||
world, or to merely disable the most expensive debugging functionality
|
world, or to merely disable the most expensive debugging functionality
|
||||||
at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
|
at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
|
||||||
|
|
||||||
|
20221122:
|
||||||
|
pf no longer accepts 'scrub fragment crop' or 'scrub fragment drop-ovl'.
|
||||||
|
These configurations are no longer automatically reinterpreted as
|
||||||
|
'scrub fragment reassemble'.
|
||||||
|
|
||||||
20221121:
|
20221121:
|
||||||
The WITHOUT_CLANG_IS_CC option has been removed. When Clang is enabled
|
The WITHOUT_CLANG_IS_CC option has been removed. When Clang is enabled
|
||||||
it is always installed as /usr/bin/cc (and c++, cpp).
|
it is always installed as /usr/bin/cc (and c++, cpp).
|
||||||
|
|
|
@ -492,7 +492,7 @@ int parseport(char *, struct range *r, int);
|
||||||
%token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
|
%token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
|
||||||
%token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL
|
%token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL
|
||||||
%token NOROUTE URPFFAILED FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE
|
%token NOROUTE URPFFAILED FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE
|
||||||
%token REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
|
%token REASSEMBLE ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
|
||||||
%token SET OPTIMIZATION TIMEOUT LIMIT LOGINTERFACE BLOCKPOLICY FAILPOLICY
|
%token SET OPTIMIZATION TIMEOUT LIMIT LOGINTERFACE BLOCKPOLICY FAILPOLICY
|
||||||
%token RANDOMID REQUIREORDER SYNPROXY FINGERPRINTS NOSYNC DEBUG SKIP HOSTID
|
%token RANDOMID REQUIREORDER SYNPROXY FINGERPRINTS NOSYNC DEBUG SKIP HOSTID
|
||||||
%token ANTISPOOF FOR INCLUDE KEEPCOUNTERS SYNCOOKIES L3
|
%token ANTISPOOF FOR INCLUDE KEEPCOUNTERS SYNCOOKIES L3
|
||||||
|
@ -1530,8 +1530,6 @@ scrub_opt : NODF {
|
||||||
|
|
||||||
fragcache : FRAGMENT REASSEMBLE { $$ = 0; /* default */ }
|
fragcache : FRAGMENT REASSEMBLE { $$ = 0; /* default */ }
|
||||||
| FRAGMENT NO REASSEMBLE { $$ = PFRULE_FRAGMENT_NOREASS; }
|
| FRAGMENT NO REASSEMBLE { $$ = PFRULE_FRAGMENT_NOREASS; }
|
||||||
| FRAGMENT FRAGCROP { $$ = 0; }
|
|
||||||
| FRAGMENT FRAGDROP { $$ = 0; }
|
|
||||||
;
|
;
|
||||||
|
|
||||||
antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
|
antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
|
||||||
|
@ -6131,14 +6129,12 @@ lookup(char *s)
|
||||||
{ "cbq", CBQ},
|
{ "cbq", CBQ},
|
||||||
{ "code", CODE},
|
{ "code", CODE},
|
||||||
{ "codelq", CODEL},
|
{ "codelq", CODEL},
|
||||||
{ "crop", FRAGCROP},
|
|
||||||
{ "debug", DEBUG},
|
{ "debug", DEBUG},
|
||||||
{ "divert-reply", DIVERTREPLY},
|
{ "divert-reply", DIVERTREPLY},
|
||||||
{ "divert-to", DIVERTTO},
|
{ "divert-to", DIVERTTO},
|
||||||
{ "dnpipe", DNPIPE},
|
{ "dnpipe", DNPIPE},
|
||||||
{ "dnqueue", DNQUEUE},
|
{ "dnqueue", DNQUEUE},
|
||||||
{ "drop", DROP},
|
{ "drop", DROP},
|
||||||
{ "drop-ovl", FRAGDROP},
|
|
||||||
{ "dup-to", DUPTO},
|
{ "dup-to", DUPTO},
|
||||||
{ "ether", ETHER},
|
{ "ether", ETHER},
|
||||||
{ "fail-policy", FAILPOLICY},
|
{ "fail-policy", FAILPOLICY},
|
||||||
|
|
Loading…
Reference in a new issue