svn commit: r233846 - head/sys/contrib/pf/net
Gleb Smirnoff
glebius at FreeBSD.org
Tue Apr 3 18:12:47 UTC 2012
On Tue, Apr 03, 2012 at 06:09:21PM +0000, Gleb Smirnoff wrote:
T> Author: glebius
T> Date: Tue Apr 3 18:09:20 2012
T> New Revision: 233846
T> URL: http://svn.freebsd.org/changeset/base/233846
T>
T> Log:
T> Since pf 4.5 import pf(4) has a mechanism to defer
T> forwarding a packet, that creates state, until
T> pfsync(4) peer acks state addition (or 10 msec
T> timeout passes).
T>
T> This is needed for active-active CARP configurations,
T> which are poorly supported in FreeBSD and arguably
T> a good idea at all.
T>
T> Unfortunately by the time of import this feature in
T> OpenBSD was turned on, and did not have a switch to
T> turn it off. This leaked to FreeBSD.
T>
T> This change make it possible to turn this feature
T> off via ioctl() and turns it off by default.
Fortunately, we got an unused field in struct pfsyncreq,
so this commit doesn't break ioctl() ABI, and this is
mergeable.
--
Totus tuus, Glebius.
More information about the svn-src-head
mailing list