From: Max Laier
Organization: FreeBSD
To: Bruno Afonso
Cc: freebsd-pf@freebsd.org
Date: Thu, 22 Dec 2005 22:55:08 +0100
Subject: Re: connections weirdness

On Thursday 22 December 2005 22:45, Bruno Afonso wrote:
> Is it supposed to cleanly apply to -stable? pfvar.h didn't apply cleanly.

If you are on RELENG_6, please use this one instead - including the fix for
the other problem from Andrew earlier.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

[Attachment: pf_state_conn.RELENG_6.diff]

Index: pf.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pf.c,v retrieving revision 1.34.2.2 diff -u -r1.34.2.2 pf.c =2D-- pf.c 12 Sep 2005 11:25:17 -0000 1.34.2.2 +++ pf.c 22 Dec 2005 21:53:07 -0000 @@ -726,6 +726,9 @@ int bad =3D 0; =20 (*state)->src_node->conn++; +#ifdef __FreeBSD__ + (*state)->local_flags |=3D PFSTATE_SRC_CONN; +#endif pf_add_threshold(&(*state)->src_node->conn_rate); =20 if ((*state)->rule.ptr->max_src_conn && @@ -1058,8 +1061,12 @@ =20 if (s->src_node !=3D NULL) { if (s->proto =3D=3D IPPROTO_TCP) { +#ifdef __FreeBSD__ + if (s->local_flags & PFSTATE_SRC_CONN) +#else if (s->src.state =3D=3D PF_TCPS_PROXY_DST || s->timeout >=3D PFTM_TCP_ESTABLISHED) +#endif --s->src_node->conn; } if (--s->src_node->states <=3D 0) { 
@@ -1086,9 +1093,9 @@ pf_purge_expired_state(struct pf_state *cur) { #ifdef __FreeBSD__ =2D if (cur->sync_flags & PFSTATE_EXPIRING) + if (cur->local_flags & PFSTATE_EXPIRING) return; =2D cur->sync_flags |=3D PFSTATE_EXPIRING; + cur->local_flags |=3D PFSTATE_EXPIRING; #endif if (cur->src.state =3D=3D PF_TCPS_PROXY_DST) pf_send_tcp(cur->rule.ptr, cur->af, Index: pfvar.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pfvar.h,v retrieving revision 1.11.2.1 diff -u -r1.11.2.1 pfvar.h =2D-- pfvar.h 6 Aug 2005 01:52:35 -0000 1.11.2.1 +++ pfvar.h 22 Dec 2005 21:51:26 -0000 @@ -791,9 +791,12 @@ #define PFSTATE_FROMSYNC 0x02 #define PFSTATE_STALE 0x04 #ifdef __FreeBSD__ =2D#define PFSTATE_EXPIRING 0x10 =2D#endif + u_int8_t local_flags; +#define PFSTATE_EXPIRING 0x01 +#define PFSTATE_SRC_CONN 0x02 +#else u_int8_t pad; +#endif }; =20 TAILQ_HEAD(pf_rulequeue, pf_rule);
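
Review bot: In the pf.c hunk at @@ -726, the new `(*state)->local_flags |= PFSTATE_SRC_CONN;` needs a comment saying that it records that this state has been counted in `src_node->conn`, because the matching test only appears in the @@ -1058 hunk. The increment is a counter while the flag is a single bit, so if this path can run more than once for one state the later decrement undoes only one of the increments; testing the flag before `(*state)->src_node->conn++` would keep the two paired.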
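
Review bot: In the pf.c hunk at @@ -1058, the `#ifdef __FreeBSD__` / `#else` / `#endif` block selects between two brace-less `if` conditions that both govern the single statement `--s->src_node->conn;`, which is easy to break when either branch is edited later. Put the decrement in braces, and clear the bit after it (`s->local_flags &= ~PFSTATE_SRC_CONN`) so that a second pass over the same state cannot decrement the counter again.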
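
Review bot: In the pfvar.h hunk, `PFSTATE_EXPIRING` changes value from 0x10 to 0x01 and moves from `sync_flags` to the new `local_flags`, and `PFSTATE_SRC_CONN 0x02` has the same value as `PFSTATE_FROMSYNC 0x02` just above it. Both fields are `u_int8_t` and all the constants share the `PFSTATE_` prefix, so any use of `sync_flags` with `PFSTATE_EXPIRING` that this diff does not convert, unlike the two in the @@ -1086 hunk, still compiles and silently tests a sync bit. A distinct prefix for the local flags, or a comment on each group naming the field it belongs to, would make such a mix-up visible, and `local_flags` itself needs a comment saying what "local" means now that it takes over the `pad` byte on FreeBSD.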