diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-05-28 03:05:54 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-05-28 03:05:54 +0000 |
| commit | 7807e0cf8c969211bee4a2309a656aa0f3a56aa7 (patch) | |
| tree | 51a890189dc3de755119c455c135151fdb5de9fa /sbin | |
| parent | 7e853a372e03a60e330b4ff106ebe9eadf115ff2 (diff) | |
Make per-rule adaptive timeouts behave the same way as the global adaptive
timeouts.
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/pfctl/parse.y | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index cf56dc2be93..50fecf18c9e 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.499 2006/05/26 01:06:12 deraadt Exp $ */ +/* $OpenBSD: parse.y,v 1.500 2006/05/28 03:05:53 mcbride Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -1507,6 +1507,7 @@ pfrule : action dir logquick interface route af proto fromto struct node_proto *proto; int srctrack = 0; int statelock = 0; + int adaptive = 0; if (check_rulestate(PFCTL_STATE_FILTER)) YYERROR; @@ -1714,6 +1715,11 @@ pfrule : action dir logquick interface route af proto fromto r.rule_flag |= o->data.statelock; break; case PF_STATE_OPT_TIMEOUT: + if (o->data.timeout.number == + PFTM_ADAPTIVE_START || + o->data.timeout.number == + PFTM_ADAPTIVE_END) + adaptive = 1; if (r.timeout[o->data.timeout.number]) { yyerror("state timeout %s " "multiple definitions", @@ -1727,6 +1733,12 @@ pfrule : action dir logquick interface route af proto fromto o = o->next; free(p); } + if (!adaptive && r.max_states) { + r.timeout[PFTM_ADAPTIVE_START] = + (r.max_states / 10) * 6; + r.timeout[PFTM_ADAPTIVE_END] = + (r.max_states / 10) * 12; + } if (r.rule_flag & PFRULE_SRCTRACK) { if (srctrack == PF_SRCTRACK_GLOBAL && r.max_src_nodes) { |