From owner-svn-src-all@FreeBSD.ORG Fri Feb 15 09:03:57 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 603D83D5; Fri, 15 Feb 2013 09:03:57 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 5316EB3D; Fri, 15 Feb 2013 09:03:57 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r1F93ukJ080108; Fri, 15 Feb 2013 09:03:56 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r1F93uUv080106; Fri, 15 Feb 2013 09:03:56 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201302150903.r1F93uUv080106@svn.freebsd.org> From: Gleb Smirnoff Date: Fri, 15 Feb 2013 09:03:56 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r246822 - in head/sys: net netpfil/pf X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Feb 2013 09:03:57 -0000 Author: glebius Date: Fri Feb 15 09:03:56 2013 New Revision: 246822 URL: http://svnweb.freebsd.org/changeset/base/246822 Log: Finish the r244185. This fixes ever growing counter of pfsync bad length packets, which was actually harmless. Note that peers with different version of head/ may grow this counter, but it is harmless - all pfsync data is processed. Reported & tested by: Anton Yuzhaninov Sponsored by: Nginx, Inc Modified: head/sys/net/if_pfsync.h head/sys/netpfil/pf/if_pfsync.c Modified: head/sys/net/if_pfsync.h ============================================================================== --- head/sys/net/if_pfsync.h Fri Feb 15 07:58:51 2013 (r246821) +++ head/sys/net/if_pfsync.h Fri Feb 15 09:03:56 2013 (r246822) @@ -67,8 +67,6 @@ #define PFSYNC_ACT_EOF 12 /* end of frame */ #define PFSYNC_ACT_MAX 13 -#define PFSYNC_HMAC_LEN 20 - /* * A pfsync frame is built from a header followed by several sections which * are all prefixed with their own subheaders. Frames must be terminated with @@ -205,18 +203,8 @@ struct pfsync_tdb { u_int8_t _pad[2]; } __packed; -/* - * EOF - */ - -struct pfsync_eof { - u_int8_t hmac[PFSYNC_HMAC_LEN]; -} __packed; - #define PFSYNC_HDRLEN sizeof(struct pfsync_header) - - /* * Names for PFSYNC sysctl objects */ Modified: head/sys/netpfil/pf/if_pfsync.c ============================================================================== --- head/sys/netpfil/pf/if_pfsync.c Fri Feb 15 07:58:51 2013 (r246821) +++ head/sys/netpfil/pf/if_pfsync.c Fri Feb 15 09:03:56 2013 (r246822) @@ -99,8 +99,7 @@ __FBSDID("$FreeBSD$"); #define PFSYNC_MINPKT ( \ sizeof(struct ip) + \ sizeof(struct pfsync_header) + \ - sizeof(struct pfsync_subheader) + \ - sizeof(struct pfsync_eof)) + sizeof(struct pfsync_subheader) ) struct pfsync_pkt { struct ip *ip;