svn commit: r228816 - head/sys/contrib/pf/net

[Gleb Smirnoff]

Author: glebius
Date: Thu Dec 22 19:09:55 2011
New Revision: 228816
URL: http://svn.freebsd.org/changeset/base/228816

Log:
  Merge from OpenBSD:
    revision 1.122
    date: 2009/05/13 01:01:34;  author: dlg;  state: Exp;  lines: +6 -4
    only keep track of the number of updates on tcp connections. state sync on
    all the other protocols is simply pushing the timeouts along which has a
    resolution of 1 second, so it isnt going to be hurt by pfsync taking up
    to a second to send it over.
  
    keep track of updates on tcp still though, their windows need constant
    attention.

Modified:
  head/sys/contrib/pf/net/if_pfsync.c

Modified: head/sys/contrib/pf/net/if_pfsync.c
==============================================================================
--- head/sys/contrib/pf/net/if_pfsync.c	Thu Dec 22 19:05:58 2011	(r228815)
+++ head/sys/contrib/pf/net/if_pfsync.c	Thu Dec 22 19:09:55 2011	(r228816)
@@ -46,6 +46,7 @@
  * Revisions picked from OpenBSD after revision 1.110 import:
  * 1.118, 1.124, 1.148, 1.149, 1.151, 1.171 - fixes to bulk updates
  * 1.120, 1.175 - use monotonic time_uptime
+ * 1.122 - reduce number of updates for non-TCP sessions
  */
 
 #ifdef __FreeBSD__
@@ -2605,9 +2606,11 @@ pfsync_update_state(struct pf_state *st)
 	case PFSYNC_S_INS:
 		/* we're already handling it */
 
-		st->sync_updates++;
-		if (st->sync_updates >= sc->sc_maxupdates)
-			sync = 1;
+		if (st->key[PF_SK_WIRE]->proto == IPPROTO_TCP) {
+			st->sync_updates++;
+			if (st->sync_updates >= sc->sc_maxupdates)
+				sync = 1;
+		}
 		break;
 
 	case PFSYNC_S_IACK: