authorreyk <reyk@openbsd.org>2008-06-10 23:12:36 +0000
committerreyk <reyk@openbsd.org>2008-06-10 23:12:36 +0000
commit5fc3c7339517c00e94005afc113af4d5b254884b (patch)
tree0ba3cb22ac83728337d144ba150c6285459995d9
parentreduce mem usage by about 20% by packing state and type of an inode in a single (diff)
set the inactivity timeout of redirections to a shorter timeout of 600
seconds by default (pf's default is 86400s); they can be cranked with the "session timeout" directive, and this is consistent with relay session timeouts. Also remove the hack to modify the closing timeout, because pf's sloppy state handling now takes care of half-connection closing.
-rw-r--r--usr.sbin/relayd/pfe_filter.c6
-rw-r--r--usr.sbin/relayd/relayd.conf.57
2 files changed, 6 insertions, 7 deletions
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index 82e8f32e963..f9fb944834c 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.28 2008/06/10 22:02:28 reyk Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.29 2008/06/10 23:12:36 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -366,10 +366,10 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
/* Use sloppy state handling for half connections */
rio.rule.keep_state = PF_STATE_NORMAL;
rio.rule.rule_flag = PFRULE_STATESLOPPY;
- rio.rule.timeout[PFTM_TCP_CLOSING] =
- rdr->conf.timeout.tv_sec;
}
+ rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
+ rdr->conf.timeout.tv_sec;
rio.ticket = env->sc_pf->pfte[rs].ticket;
if (ioctl(env->sc_pf->dev, DIOCBEGINADDRS, &pio) == -1)
fatal("sync_ruleset: cannot initialise address pool");
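Review bot: The new assignment to `rio.rule.timeout[PFTM_TCP_ESTABLISHED]` copies `rdr->conf.timeout.tv_sec` with no range check visible in this hunk, and it now runs for every redirection rather than only inside the sloppy-state branch. pf keeps rule timeouts as unsigned 32-bit values, so a negative `tv_sec` would wrap to a very large idle timeout, and a value of 0 most likely makes pf fall back to its own 86400s default; either case leaves idle states in the state table far longer than the 600s this commit intends. If the configuration parser (not shown here) does not already reject such values, a guard before the assignment would help, for example `if (rdr->conf.timeout.tv_sec <= 0) fatalx("sync_ruleset: invalid session timeout");`. The line would also benefit from its own comment, such as `/* Idle timeout for established states; pf's default is 86400s */`, because the existing "sloppy state" comment belongs to the block that closes just above it. The body of sync_ruleset starts and ends outside this hunk.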
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index 81aaf12833c..ec8837c1645 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.85 2008/06/10 22:02:28 reyk Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.86 2008/06/10 23:12:36 reyk Exp $
.\"
.\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -439,8 +439,7 @@ Note that the hosts have to accept sessions for the same address as
the gateway, this is typically done by configuring a loopback
interface on the host with this address.
.It Ic session timeout Ar seconds
-Specify the timeout after closing in seconds for routed session
-states.
+Specify the inactivity timeout in seconds for established redirections.
The default timeout is 600 seconds (10 minutes).
.It Ic sticky-address
This has the same effect as specifying sticky-address
@@ -551,7 +550,7 @@ see the
.Sx PROTOCOLS
section below.
.It Ic session timeout Ar seconds
-Specify the timeout in seconds for accepted sessions.
+Specify the inactivity timeout in seconds for accepted sessions.
The default timeout is 600 seconds (10 minutes).
.El
.Sh PROTOCOLS