Author: glebius
Date: Fri Feb 15 09:03:56 2013
New Revision: 246822
URL: http://svnweb.freebsd.org/changeset/base/246822
Log:
Finish the r244185. This fixes ever growing counter of pfsync bad
length packets, which was actually harmless.
Note that peers with different version of head/ may grow this
counter, but it is harmless - all pfsync data is processed.
Reported & tested by: Anton Yuzhaninov <citrin citrin.ru>
Sponsored by: Nginx, Inc
Modified:
head/sys/net/if_pfsync.h
head/sys/netpfil/pf/if_pfsync.c
Modified: head/sys/net/if_pfsync.h
==============================================================================
--- head/sys/net/if_pfsync.h Fri Feb 15 07:58:51 2013 (r246821)
+++ head/sys/net/if_pfsync.h Fri Feb 15 09:03:56 2013 (r246822)
@@ -67,8 +67,6 @@
#define PFSYNC_ACT_EOF 12 /* end of frame */
#define PFSYNC_ACT_MAX 13
-#define PFSYNC_HMAC_LEN 20
-
/*
* A pfsync frame is built from a header followed by several sections which
* are all prefixed with their own subheaders. Frames must be terminated with
@@ -205,18 +203,8 @@ struct pfsync_tdb {
u_int8_t _pad[2];
} __packed;
-/*
- * EOF
- */
-
-struct pfsync_eof {
- u_int8_t hmac[PFSYNC_HMAC_LEN];
-} __packed;
-
#define PFSYNC_HDRLEN sizeof(struct pfsync_header)
-
-
/*
* Names for PFSYNC sysctl objects
*/
Modified: head/sys/netpfil/pf/if_pfsync.c
==============================================================================
--- head/sys/netpfil/pf/if_pfsync.c Fri Feb 15 07:58:51 2013
(r246821)
+++ head/sys/netpfil/pf/if_pfsync.c Fri Feb 15 09:03:56 2013
(r246822)
@@ -99,8 +99,7 @@ __FBSDID("$FreeBSD$");
#define PFSYNC_MINPKT ( \
sizeof(struct ip) + \
sizeof(struct pfsync_header) + \
- sizeof(struct pfsync_subheader) + \
- sizeof(struct pfsync_eof))
+ sizeof(struct pfsync_subheader) )
struct pfsync_pkt {
struct ip *ip;
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
