diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-05-13 05:23:46 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-05-13 05:23:46 +0000 |
| commit | fb07e165f20c18393b7b21da077d5e5ee3e21462 (patch) | |
| tree | a2ca0f2bdb89a3eb3201c9506d7020cf49ccf010 /sys/net/if_pfsync.c | |
| parent | 376a5da21bac660dd7a044219c50c02bdfb3cb5c (diff) | |
Avoid potential hash collisions and increase efficiency by doing an exact
comparison of the TDB before collapsing multiple updates.
Another ipsec failover fix from Nathanael <list-openbsd-tech@polymorpheus.com>
Diffstat (limited to 'sys/net/if_pfsync.c')
| -rw-r--r-- | sys/net/if_pfsync.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index 96c51a8b908..7f907254a71 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.63 2006/05/06 18:31:00 mcbride Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.64 2006/05/13 05:23:45 mcbride Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -1640,12 +1640,12 @@ pfsync_update_tdb(struct tdb *tdb) */ struct pfsync_tdb *u = (void *)((char *)h + PFSYNC_HDRLEN); - int hash = tdb_hash(tdb->tdb_spi, &tdb->tdb_dst, - tdb->tdb_sproto); for (i = 0; !pt && i < h->count; i++) { - if (tdb_hash(u->spi, &u->dst, - u->sproto) == hash) { + if (tdb->tdb_spi == u->spi && + tdb->tdb_sproto == u->sproto && + !bcmp(&tdb->tdb_dst, &u->dst, + SA_LEN(&u->dst.sa))) { pt = u; pt->updates++; } |