svn commit: r228816 - head/sys/contrib/pf/net
Gleb Smirnoff
glebius at FreeBSD.org
Thu Dec 22 19:09:55 UTC 2011
Author: glebius
Date: Thu Dec 22 19:09:55 2011
New Revision: 228816
URL: http://svn.freebsd.org/changeset/base/228816
Log:
Merge from OpenBSD:
revision 1.122
date: 2009/05/13 01:01:34; author: dlg; state: Exp; lines: +6 -4
only keep track of the number of updates on tcp connections. state sync on
all the other protocols is simply pushing the timeouts along which has a
resolution of 1 second, so it isnt going to be hurt by pfsync taking up
to a second to send it over.
keep track of updates on tcp still though, their windows need constant
attention.
Modified:
head/sys/contrib/pf/net/if_pfsync.c
Modified: head/sys/contrib/pf/net/if_pfsync.c
==============================================================================
--- head/sys/contrib/pf/net/if_pfsync.c Thu Dec 22 19:05:58 2011 (r228815)
+++ head/sys/contrib/pf/net/if_pfsync.c Thu Dec 22 19:09:55 2011 (r228816)
@@ -46,6 +46,7 @@
* Revisions picked from OpenBSD after revision 1.110 import:
* 1.118, 1.124, 1.148, 1.149, 1.151, 1.171 - fixes to bulk updates
* 1.120, 1.175 - use monotonic time_uptime
+ * 1.122 - reduce number of updates for non-TCP sessions
*/
#ifdef __FreeBSD__
@@ -2605,9 +2606,11 @@ pfsync_update_state(struct pf_state *st)
case PFSYNC_S_INS:
/* we're already handling it */
- st->sync_updates++;
- if (st->sync_updates >= sc->sc_maxupdates)
- sync = 1;
+ if (st->key[PF_SK_WIRE]->proto == IPPROTO_TCP) {
+ st->sync_updates++;
+ if (st->sync_updates >= sc->sc_maxupdates)
+ sync = 1;
+ }
break;
case PFSYNC_S_IACK:
More information about the svn-src-head
mailing list