The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=4f822ad2854e4434407456757d9c0ba671f120b0
commit 4f822ad2854e4434407456757d9c0ba671f120b0
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-07-08 15:18:03 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2025-07-09 15:38:08 +0000
pfsync: count failed state insertions
If we fail to import a state, for whatever reason, count this as a bad
action.
We should not drop states without at least incrementing an error count.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/if_pfsync.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index f21bdf15093c..2391edaf1a5a 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -1114,9 +1114,8 @@ pfsync_in_ins(struct mbuf *m, int offset, int count, int
flags, int action)
continue;
}
- if (pfsync_state_import(sp, flags, msg_version) == ENOMEM)
- /* Drop out, but process the rest of the actions. */
- break;
+ if (pfsync_state_import(sp, flags, msg_version) != 0)
+ V_pfsyncstats.pfsyncs_badact++;
}
return (total_len);
