diff options
| author | David Gwynne <dlg@cvs.openbsd.org> | 2009-05-13 01:01:35 +0000 |
|---|---|---|
| committer | David Gwynne <dlg@cvs.openbsd.org> | 2009-05-13 01:01:35 +0000 |
| commit | d1aac33b0b90d5282b1fca41febbdda472347e18 (patch) | |
| tree | cc84505087dfd43ed0cf1cb13c00cf97cbcf2be6 /sys/net/if_pfsync.c | |
| parent | 85cd3778c5fcb7b922f3dd1c0deb887fcfc4e3b1 (diff) | |
only keep track of the number of updates on tcp connections. state sync on
all the other protocols is simply pushing the timeouts along which has a
resolution of 1 second, so it isnt going to be hurt by pfsync taking up
to a second to send it over.
keep track of updates on tcp still though, their windows need constant
attention.
tested by sthen@
Diffstat (limited to 'sys/net/if_pfsync.c')
| -rw-r--r-- | sys/net/if_pfsync.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index 54047349670..b8dd3e91578 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.121 2009/04/15 05:11:49 david Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.122 2009/05/13 01:01:34 dlg Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -1901,9 +1901,11 @@ pfsync_update_state(struct pf_state *st) case PFSYNC_S_INS: /* we're already handling it */ - st->sync_updates++; - if (st->sync_updates >= sc->sc_maxupdates) - sync = 1; + if (st->key[PF_SK_WIRE]->proto == IPPROTO_TCP) { + st->sync_updates++; + if (st->sync_updates >= sc->sc_maxupdates) + sync = 1; + } break; case PFSYNC_S_IACK: |