From nobody Mon Nov 28 19:22:17 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NLb2K6MTRz4hh31; Mon, 28 Nov 2022 19:22:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NLb2K5jSTz3CLY; Mon, 28 Nov 2022 19:22:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1669663337; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pkOpsojYY3eQZ6QjwRrMMxKt/VF92h71bOPIiZu5+Pc=; b=L714OsGa7LSaOWcbdd8xM+/oVvfbmi4bGDr4t97hgTmg3wV1S6sn03q2iEKW25a1DcfRg1 SiDg7PJZH6NFTO91w+ubqSzY/ui5FJm+ma1WhlfRWfxCvCQn4vJGpVl10M8aOzhjlL53aE nlPbrEGy4sGZ3HedHLAZXGIRfKrAoI923ohvwJ6KCoU456MEP8ywsCbCzjmhjHaij+yag4 JPasoug56pMQ65jax8JN6AFp9f+cY6/7+soRfAImWHmhWvVZypXXWN92RlJTlRHf24Muik M95zVfM4lVbY57e4WjgL+9q+Y1ff84J4tR27O7oJQsJ/JlArKHy7Qzrg6Mc3EQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1669663337; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pkOpsojYY3eQZ6QjwRrMMxKt/VF92h71bOPIiZu5+Pc=; b=Ig9YbPuEatCgoHb8fgizos033YJoUSMOW13W6h0Hg/QMe4Ct7vmXJnUPD446llnL1ONHJV n8KJH0p2/oZLoZHHEMEcFZFRg6dC64xlyBMz5Pq+81ltjOhvMjWYsdjLOeKo147ADFC9A9 hEIgZeXhbfvhdT8/ZE3UoCONao6vlsjEmttWgIynWYqju2KFSeHYprjS5n4y9kgYeW/86w fruRTQ5k8M7l2iItz5VP99XLMpNBe4ohF9xG9ywBWcXO+hygvn5vtDad/QD/+YN2bqhJ2n OIu90Gq5ummfMc5mh/XYgtVZiXvxBUgRWGrnQp9Du0Lv5QqSFRZHPesXQ0ga6g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1669663337; a=rsa-sha256; cv=none; b=u4kjfMok9QOaATu7jPsACrM8WRlZG4Li+j+SBR9YU7RQ46/eY0WgbdJN4oLBHMwytWkKLP fGUQKwyJyDjRo9cRQ2Scst6jSKsafikjnGKs7Bo8aN5wHnubno87cZE/alW2Fythvj6hJk DOHBsc5g5BNYq4RIdt3quLzFHjD8Wj8GSpRWaV75NHBQW3Kc38noSsDFbmxOzJm7Pha+4s ge//FthqMjJy6HLB/fal9YZJct58c1Gwdx+1jzwzeAEbjuS1khrVkUUuOFsNExSkuJLK89 gxwi0dcQRLJOftwYyXFYs6UcWfVPNuDI8d3yToV4O/B71rBUn5ALZM4erKBdXg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NLb2K3g5MzpHW; Mon, 28 Nov 2022 19:22:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2ASJMHJN052062; Mon, 28 Nov 2022 19:22:17 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2ASJMHLD052061; Mon, 28 Nov 2022 19:22:17 GMT (envelope-from git) Date: Mon, 28 Nov 2022 19:22:17 GMT Message-Id: <202211281922.2ASJMHLD052061@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 88e858e57c49 - main - pf: drop support for fragment crop|drop-ovl List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 88e858e57c499f996963bd92e5aac4bace3c4fd3 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=88e858e57c499f996963bd92e5aac4bace3c4fd3 commit 88e858e57c499f996963bd92e5aac4bace3c4fd3 Author: Kristof Provost AuthorDate: 2022-11-22 13:43:59 +0000 Commit: Kristof Provost CommitDate: 2022-11-28 19:19:12 +0000 pf: drop support for fragment crop|drop-ovl We removed the code for these modes back in 2015, but converted such configurations to 'scrub fragment reassemble'. It's been long enough, drop the backwards compatibility glue too. Reviewed by: mjg MFC after: never Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37460 --- UPDATING | 5 +++++ sbin/pfctl/parse.y | 6 +----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/UPDATING b/UPDATING index 3782692c2a49..564336295e7b 100644 --- a/UPDATING +++ b/UPDATING @@ -27,6 +27,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 14.x IS SLOW: world, or to merely disable the most expensive debugging functionality at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20221122: + pf no longer accepts 'scrub fragment crop' or 'scrub fragment drop-ovl'. + These configurations are no longer automatically reinterpreted as + 'scrub fragment reassemble'. + 20221121: The WITHOUT_CLANG_IS_CC option has been removed. When Clang is enabled it is always installed as /usr/bin/cc (and c++, cpp). diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 166cbae79087..6f9494828d53 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -492,7 +492,7 @@ int parseport(char *, struct range *r, int); %token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF %token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL %token NOROUTE URPFFAILED FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE -%token REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR +%token REASSEMBLE ANCHOR NATANCHOR RDRANCHOR BINATANCHOR %token SET OPTIMIZATION TIMEOUT LIMIT LOGINTERFACE BLOCKPOLICY FAILPOLICY %token RANDOMID REQUIREORDER SYNPROXY FINGERPRINTS NOSYNC DEBUG SKIP HOSTID %token ANTISPOOF FOR INCLUDE KEEPCOUNTERS SYNCOOKIES L3 @@ -1530,8 +1530,6 @@ scrub_opt : NODF { fragcache : FRAGMENT REASSEMBLE { $$ = 0; /* default */ } | FRAGMENT NO REASSEMBLE { $$ = PFRULE_FRAGMENT_NOREASS; } - | FRAGMENT FRAGCROP { $$ = 0; } - | FRAGMENT FRAGDROP { $$ = 0; } ; antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts { @@ -6131,14 +6129,12 @@ lookup(char *s) { "cbq", CBQ}, { "code", CODE}, { "codelq", CODEL}, - { "crop", FRAGCROP}, { "debug", DEBUG}, { "divert-reply", DIVERTREPLY}, { "divert-to", DIVERTTO}, { "dnpipe", DNPIPE}, { "dnqueue", DNQUEUE}, { "drop", DROP}, - { "drop-ovl", FRAGDROP}, { "dup-to", DUPTO}, { "ether", ETHER}, { "fail-policy", FAILPOLICY},