From 6bc752e028075471b3e4a0d89b930309b9865a48 Mon Sep 17 00:00:00 2001 From: Gleb Smirnoff Date: Thu, 22 Dec 2011 19:09:55 +0000 Subject: [PATCH] Merge from OpenBSD: revision 1.122 date: 2009/05/13 01:01:34; author: dlg; state: Exp; lines: +6 -4 only keep track of the number of updates on tcp connections. state sync on all the other protocols is simply pushing the timeouts along which has a resolution of 1 second, so it isnt going to be hurt by pfsync taking up to a second to send it over. keep track of updates on tcp still though, their windows need constant attention. --- sys/contrib/pf/net/if_pfsync.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/sys/contrib/pf/net/if_pfsync.c b/sys/contrib/pf/net/if_pfsync.c
index 5b537f2adc1..7699e904be7 100644
--- a/sys/contrib/pf/net/if_pfsync.c
+++ b/sys/contrib/pf/net/if_pfsync.c
@@ -46,6 +46,7 @@
 * Revisions picked from OpenBSD after revision 1.110 import:
 * 1.118, 1.124, 1.148, 1.149, 1.151, 1.171 - fixes to bulk updates
 * 1.120, 1.175 - use monotonic time_uptime
+ * 1.122 - reduce number of updates for non-TCP sessions
 */
 #ifdef __FreeBSD__
@@ -2605,9 +2606,11 @@ pfsync_update_state(struct pf_state *st)
 case PFSYNC_S_INS:
 /* we're already handling it */
- st->sync_updates++;
- if (st->sync_updates >= sc->sc_maxupdates)
- sync = 1;
+ if (st->key[PF_SK_WIRE]->proto == IPPROTO_TCP) {
+ st->sync_updates++;
+ if (st->sync_updates >= sc->sc_maxupdates)
+ sync = 1;
+ }
 break;
 case PFSYNC_S_IACK:
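Review bot: The new TCP-only condition in the `PFSYNC_S_INS` case of pfsync_update_state() has no comment explaining why `sc_maxupdates` no longer applies to other protocols; the reason exists only in the commit message. I would add above the `if` something like `/* Only TCP needs prompt sync (window tracking); other protocols just push timeouts, which have 1s resolution. */`, so that whoever tunes failover behaviour knows a peer's non-TCP state may lag by up to a second by design. The condition also dereferences `st->key[PF_SK_WIRE]` with no check visible in the hunk. Presumably a queued state always has its wire key attached, but the function body starts and ends outside the hunk, so that is worth confirming against the state-detach path.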