Re: connections weirdness

[Max Laier]

On Thursday 22 December 2005 22:45, Bruno Afonso wrote:
> Is it supposed to cleanly apply to -stable? pfvar.h didn't apply cleanly.

If you are on RELENG_6, please use this one instead - including the fix for 
the other problem from Andrew earlier.

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Index: pf.c
===================================================================
RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pf.c,v
retrieving revision 1.34.2.2
diff -u -r1.34.2.2 pf.c
--- pf.c	12 Sep 2005 11:25:17 -0000	1.34.2.2
+++ pf.c	22 Dec 2005 21:53:07 -0000
@@ -726,6 +726,9 @@
 	int bad = 0;
 
 	(*state)->src_node->conn++;
+#ifdef __FreeBSD__
+	(*state)->local_flags |= PFSTATE_SRC_CONN;
+#endif
 	pf_add_threshold(&(*state)->src_node->conn_rate);
 
 	if ((*state)->rule.ptr->max_src_conn &&
@@ -1058,8 +1061,12 @@
 
 	if (s->src_node != NULL) {
 		if (s->proto == IPPROTO_TCP) {
+#ifdef __FreeBSD__
+			if (s->local_flags & PFSTATE_SRC_CONN)
+#else
 			if (s->src.state == PF_TCPS_PROXY_DST ||
 			    s->timeout >= PFTM_TCP_ESTABLISHED)
+#endif
 				--s->src_node->conn;
 		}
 		if (--s->src_node->states <= 0) {
@@ -1086,9 +1093,9 @@
 pf_purge_expired_state(struct pf_state *cur)
 {
 #ifdef __FreeBSD__
-	if (cur->sync_flags & PFSTATE_EXPIRING)
+	if (cur->local_flags & PFSTATE_EXPIRING)
 		return;
-	cur->sync_flags |= PFSTATE_EXPIRING;
+	cur->local_flags |= PFSTATE_EXPIRING;
 #endif
 	if (cur->src.state == PF_TCPS_PROXY_DST)
 		pf_send_tcp(cur->rule.ptr, cur->af,
Index: pfvar.h
===================================================================
RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pfvar.h,v
retrieving revision 1.11.2.1
diff -u -r1.11.2.1 pfvar.h
--- pfvar.h	6 Aug 2005 01:52:35 -0000	1.11.2.1
+++ pfvar.h	22 Dec 2005 21:51:26 -0000
@@ -791,9 +791,12 @@
 #define	PFSTATE_FROMSYNC 0x02
 #define	PFSTATE_STALE	 0x04
 #ifdef __FreeBSD__
-#define	PFSTATE_EXPIRING 0x10
-#endif
+	u_int8_t	 local_flags;
+#define	PFSTATE_EXPIRING 0x01
+#define	PFSTATE_SRC_CONN 0x02
+#else
 	u_int8_t	 pad;
+#endif
 };
 
 TAILQ_HEAD(pf_rulequeue, pf_rule);

pgpNwgYvc361k.pgp
Description: PGP signature