author | mlaier <mlaier@FreeBSD.org> | 2005-12-25 23:52:00 +0000 |
---|---|---|
committer | mlaier <mlaier@FreeBSD.org> | 2005-12-25 23:52:00 +0000 |
commit | 88140ea8c36c7dfff34f3256cfa57d1b9217be77 (patch) | |
tree | db7b57a30b5bb0ca4fe568540aef28eca0930e2a /sys/contrib | |
parent | c5fcfaa6d9c2756a7c37112842ba75eb73320225 (diff) | |
Only decrement the max-src-conn counter for tcp connections that reached
"established" state.
Similar to OpenBSD's rev. 1.499 by joel but not breaking ABI.
Obtained from: OpenBSD (with changes)
Reported by: Bruno Afonso
MFC after: 3 days
X-MFC: together with local_flags
Diffstat (limited to 'sys/contrib')
-rw-r--r-- | sys/contrib/pf/net/pf.c | 7 | ||||
-rw-r--r-- | sys/contrib/pf/net/pfvar.h | 1 |
2 files changed, 8 insertions, 0 deletions
diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c
index ccdf55f..ae9a82f 100644
--- a/sys/contrib/pf/net/pf.c
+++ b/sys/contrib/pf/net/pf.c
@@ -742,6 +742,9 @@ pf_src_connlimit(struct pf_state **state)
 int bad = 0;
 (*state)->src_node->conn++;
+#ifdef __FreeBSD__
+ (*state)->local_flags |= PFSTATE_SRC_CONN;
+#endif
 pf_add_threshold(&(*state)->src_node->conn_rate);
 if ((*state)->rule.ptr->max_src_conn &&
@@ -1074,8 +1077,12 @@ pf_src_tree_remove_state(struct pf_state *s)
 if (s->src_node != NULL) {
 if (s->proto == IPPROTO_TCP) {
+#ifdef __FreeBSD__
+ if (s->local_flags & PFSTATE_SRC_CONN)
+#else
 if (s->src.state == PF_TCPS_PROXY_DST ||
 s->timeout >= PFTM_TCP_ESTABLISHED)
+#endif
 --s->src_node->conn;
 }
 if (--s->src_node->states <= 0) {
diff --git a/sys/contrib/pf/net/pfvar.h b/sys/contrib/pf/net/pfvar.h
index 1282d4f..f741130 100644
--- a/sys/contrib/pf/net/pfvar.h
+++ b/sys/contrib/pf/net/pfvar.h
@@ -793,6 +793,7 @@ struct pf_state {
 #ifdef __FreeBSD__
 u_int8_t local_flags;
 #define PFSTATE_EXPIRING 0x01
+#define PFSTATE_SRC_CONN 0x02
 #else
 u_int8_t pad;
 #endif |
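Review bot: In pf_src_connlimit() the increment `(*state)->src_node->conn++;` stays unconditional, while the new PFSTATE_SRC_CONN bit can only record that the state was counted at least once. The removal path in the second pf.c hunk decrements at most once per flagged state, so the counter stays balanced only if this function runs once per state; the callers are outside the hunk, so that cannot be confirmed here. If a second call is possible, the per-source count drifts upward and the source reaches max-src-conn with fewer live connections than the rule intends. Either guard the increment inside the FreeBSD branch with `if (!((*state)->local_flags & PFSTATE_SRC_CONN))`, or state the invariant next to the flag assignment: `/* counted once per state; pf_src_tree_remove_state() undoes it only when this bit is set */`. The function body continues outside the hunk.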
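Review bot: In pf_src_tree_remove_state() the unbraced `--s->src_node->conn;` is now the body of whichever `if` head the preprocessor selects, and nothing at that spot says why the two heads differ. Going by the commit message, the timeout-based test also matched TCP states that never reached "established" and so were never counted; that reasoning belongs in the code, since a later merge of the OpenBSD side could otherwise restore the old test unnoticed. I would add above the `#ifdef` something like `/* Decrement only for states counted in pf_src_connlimit(); the timeout test also matches states that were never established. */` and brace the decrement so the conditional-compilation split cannot change what the `if` governs. The function starts and ends outside the hunk.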
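Review bot: PFSTATE_SRC_CONN is defined in pfvar.h without a comment saying what the bit records, and the neighbouring PFSTATE_EXPIRING has none either. Because the bit decides whether the max-src-conn counter is decremented on state removal, a short trailing comment would help the next reader: `#define PFSTATE_SRC_CONN 0x02 /* state was counted in src_node->conn */`. The rest of struct pf_state lies outside the hunk.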