Date: Thu, 22 Dec 2005 22:55:08 +0100 From: Max Laier <max@love2party.net> To: Bruno Afonso <brunomiguel@dequim.ist.utl.pt> Cc: freebsd-pf@freebsd.org Subject: Re: connections weirdness Message-ID: <200512222255.15385.max@love2party.net> In-Reply-To: <43AB1E68.1070007@dequim.ist.utl.pt> References: <43AAFA9A.3070808@dequim.ist.utl.pt> <200512222217.32015.max@love2party.net> <43AB1E68.1070007@dequim.ist.utl.pt>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart3020436.RZrodsV6nC Content-Type: multipart/mixed; boundary="Boundary-01=_9CyqD8SV+wWyjKB" Content-Transfer-Encoding: 7bit Content-Disposition: inline --Boundary-01=_9CyqD8SV+wWyjKB Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 22 December 2005 22:45, Bruno Afonso wrote: > Is it supposed to cleanly apply to -stable? pfvar.h didn't apply cleanly. If you are on RELENG_6, please use this one instead - including the fix for= =20 the other problem from Andrew earlier. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --Boundary-01=_9CyqD8SV+wWyjKB Content-Type: text/x-diff; charset="iso-8859-1"; name="pf_state_conn.RELENG_6.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="pf_state_conn.RELENG_6.diff" Index: pf.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pf.c,v retrieving revision 1.34.2.2 diff -u -r1.34.2.2 pf.c =2D-- pf.c 12 Sep 2005 11:25:17 -0000 1.34.2.2 +++ pf.c 22 Dec 2005 21:53:07 -0000 @@ -726,6 +726,9 @@ int bad =3D 0; =20 (*state)->src_node->conn++; +#ifdef __FreeBSD__ + (*state)->local_flags |=3D PFSTATE_SRC_CONN; +#endif pf_add_threshold(&(*state)->src_node->conn_rate); =20 if ((*state)->rule.ptr->max_src_conn && @@ -1058,8 +1061,12 @@ =20 if (s->src_node !=3D NULL) { if (s->proto =3D=3D IPPROTO_TCP) { +#ifdef __FreeBSD__ + if (s->local_flags & PFSTATE_SRC_CONN) +#else if (s->src.state =3D=3D PF_TCPS_PROXY_DST || s->timeout >=3D PFTM_TCP_ESTABLISHED) +#endif --s->src_node->conn; } if (--s->src_node->states <=3D 0) { @@ -1086,9 +1093,9 @@ pf_purge_expired_state(struct pf_state *cur) { #ifdef __FreeBSD__ =2D if (cur->sync_flags & PFSTATE_EXPIRING) + if (cur->local_flags & PFSTATE_EXPIRING) return; =2D cur->sync_flags |=3D PFSTATE_EXPIRING; + cur->local_flags |=3D PFSTATE_EXPIRING; #endif if (cur->src.state =3D=3D PF_TCPS_PROXY_DST) pf_send_tcp(cur->rule.ptr, cur->af, Index: pfvar.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pfvar.h,v retrieving revision 1.11.2.1 diff -u -r1.11.2.1 pfvar.h =2D-- pfvar.h 6 Aug 2005 01:52:35 -0000 1.11.2.1 +++ pfvar.h 22 Dec 2005 21:51:26 -0000 @@ -791,9 +791,12 @@ #define PFSTATE_FROMSYNC 0x02 #define PFSTATE_STALE 0x04 #ifdef __FreeBSD__ =2D#define PFSTATE_EXPIRING 0x10 =2D#endif + u_int8_t local_flags; +#define PFSTATE_EXPIRING 0x01 +#define PFSTATE_SRC_CONN 0x02 +#else u_int8_t pad; +#endif }; =20 TAILQ_HEAD(pf_rulequeue, pf_rule); --Boundary-01=_9CyqD8SV+wWyjKB-- --nextPart3020436.RZrodsV6nC Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQBDqyDDXyyEoT62BG0RAs9BAJ9Z5ip61AsfNUxbe1Ol1I/mVinVAwCcC7Jg JpzZGStVfrlhCap8RVf9EKU= =OpHy -----END PGP SIGNATURE----- --nextPart3020436.RZrodsV6nC--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512222255.15385.max>