diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-12-07 05:30:28 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-12-07 05:30:28 +0000 |
| commit | 19f9c903fc2760f22631be7691d1815e98dca223 (patch) | |
| tree | 60e04a1cef7b27515a5ef68a99c9da4d8880cad6 /sbin/pfctl | |
| parent | 794ffce479f48a30cd683f84a622ec2692264248 (diff) | |
Change the default for 'overload <table> flush' to flush only states from the
offending source created by the rule. 'flush global' flushes all states
originating from the offending source. ABI change, requires kernel and pfctl
to be in sync.
ok deraadt@ henning@ dhartmei@
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/parse.y | 11 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl_parser.c | 6 |
2 files changed, 10 insertions, 7 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 3d3e68a9867..a5e46d0988c 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.462 2004/12/05 10:11:29 dhartmei Exp $ */ +/* $OpenBSD: parse.y,v 1.463 2004/12/07 05:30:26 mcbride Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -1613,9 +1613,7 @@ pfrule : action dir logquick interface route af proto fromto "strlcpy"); YYERROR; } - if (o->data.overload.flush) - r.rule_flag |= - PFRULE_SRCTRACK_FLUSH; + r.flush = o->data.overload.flush; break; case PF_STATE_OPT_MAX_SRC_CONN: if (r.max_src_conn) { @@ -2807,7 +2805,10 @@ keep : KEEP STATE state_opt_spec { ; flush : /* empty */ { $$ = 0; } - | FLUSH { $$ = 1; } + | FLUSH { $$ = PF_FLUSH; } + | FLUSH GLOBAL { + $$ = PF_FLUSH | PF_FLUSH_GLOBAL; + } ; state_opt_spec : '(' state_opt_list ')' { $$ = $2; } diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 419bbbb6170..748f23b1c02 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.208 2004/12/04 07:58:52 mcbride Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.209 2004/12/07 05:30:27 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -877,8 +877,10 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose) if (!opts) printf(", "); printf("overload <%s>", r->overload_tblname); - if (r->rule_flag & PFRULE_SRCTRACK_FLUSH) + if (r->flush) printf(" flush"); + if (r->flush & PF_FLUSH_GLOBAL) + printf(" global"); } if (r->rule_flag & PFRULE_IFBOUND) { if (!opts) |