diff options
| author |   dlg <dlg@openbsd.org> | 2009-05-13 01:01:34 +0000 |
|---|---|---|
| committer | dlg <dlg@openbsd.org> | 2009-05-13 01:01:34 +0000 |
| commit | b78a2737acaaa91e07a6020a5db27597a7158145 (patch) | |
| tree | f8e385eab413dd3ce271127391a4361a0267817e | |
| parent | don't define _KERNEL. Theres no need and its gross. (diff) | |
| download | wireguard-openbsd-b78a2737acaaa91e07a6020a5db27597a7158145.tar.xz wireguard-openbsd-b78a2737acaaa91e07a6020a5db27597a7158145.zip | |
only keep track of the number of updates on tcp connections. state sync on
all the other protocols is simply pushing the timeouts along which has a
resolution of 1 second, so it isnt going to be hurt by pfsync taking up
to a second to send it over.
keep track of updates on tcp still though, their windows need constant
attention.
tested by sthen@
| -rw-r--r-- | sys/net/if_pfsync.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index 54047349670..b8dd3e91578 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.121 2009/04/15 05:11:49 david Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.122 2009/05/13 01:01:34 dlg Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -1901,9 +1901,11 @@ pfsync_update_state(struct pf_state *st) case PFSYNC_S_INS: /* we're already handling it */ - st->sync_updates++; - if (st->sync_updates >= sc->sc_maxupdates) - sync = 1; + if (st->key[PF_SK_WIRE]->proto == IPPROTO_TCP) { + st->sync_updates++; + if (st->sync_updates >= sc->sc_maxupdates) + sync = 1; + } break; case PFSYNC_S_IACK: |