diff options
author | Mike Frantzen <frantzen@cvs.openbsd.org> | 2005-05-26 02:21:30 +0000 |
---|---|---|
committer | Mike Frantzen <frantzen@cvs.openbsd.org> | 2005-05-26 02:21:30 +0000 |
commit | c7f0bea4a11079f52c08e58532f33b741e080c40 (patch) | |
tree | 06acc704565abec1798348a5617590f7b56dc084 /sbin | |
parent | 70db070782e664fb12edd4a7118efa91f4228c2b (diff) |
switch the max_src_{states,conn,conn_rate} from superblock breaks to superblock
optimization barriers to prevent table merging or rule re-ordering
ok dhartmei@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/pfctl/pfctl_optimize.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c index 07d82ee733e..11fcfbfbd98 100644 --- a/sbin/pfctl/pfctl_optimize.c +++ b/sbin/pfctl/pfctl_optimize.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_optimize.c,v 1.7 2005/05/25 23:58:11 frantzen Exp $ */ +/* $OpenBSD: pfctl_optimize.c,v 1.8 2005/05/26 02:21:29 frantzen Exp $ */ /* * Copyright (c) 2004 Mike Frantzen <frantzen@openbsd.org> @@ -109,6 +109,9 @@ struct pf_rule_field { PF_RULE_FIELD(prob, BARRIER), PF_RULE_FIELD(max_states, BARRIER), PF_RULE_FIELD(max_src_nodes, BARRIER), + PF_RULE_FIELD(max_src_states, BARRIER), + PF_RULE_FIELD(max_src_conn, BARRIER), + PF_RULE_FIELD(max_src_conn_rate, BARRIER), /* * These fields must be the same between all rules in the same superblock. @@ -130,8 +133,6 @@ struct pf_rule_field { PF_RULE_FIELD(return_ttl, BREAK), PF_RULE_FIELD(overload_tblname, BREAK), PF_RULE_FIELD(flush, BREAK), - PF_RULE_FIELD(max_src_conn, BREAK), - PF_RULE_FIELD(max_src_conn_rate, BREAK), PF_RULE_FIELD(rpool, BREAK), /* |