diff options
| author | David Gwynne <dlg@cvs.openbsd.org> | 2010-07-09 11:16:46 +0000 |
|---|---|---|
| committer | David Gwynne <dlg@cvs.openbsd.org> | 2010-07-09 11:16:46 +0000 |
| commit | acebfcd43698db62c04454720420a0110fd582c7 (patch) | |
| tree | c14253b2b1c8d245dae44c414964b2fa06dae19a /sys/net | |
| parent | e6dda846aa8313c79270c4cca49c4978eb819108 (diff) | |
the current code doesnt detect when its filled a bulk packet so it
keeps on building them, which means that it floods the tx ring on
the pfsync interface rather than actually sending many packets.
this change correctly calculates when we've filled a bulk update
packet.
many thanks to david@ for making me go chase this. ive been wondering
why the state count on my firewalls has had such a discrepency for
a long time now.
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/if_pfsync.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index eac436fbbdc..bcfb01ad7f0 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.148 2010/07/09 09:01:32 dlg Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.149 2010/07/09 11:16:45 dlg Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -2217,7 +2217,9 @@ pfsync_bulk_update(void *arg) break; } - if (i > 0 && TAILQ_EMPTY(&sc->sc_qs[PFSYNC_S_UPD])) { + if (i > 1 && (sc->sc_if.if_mtu - sc->sc_len) < + sizeof(struct pfsync_state)) { + /* we've filled a packet */ sc->sc_bulk_next = st; timeout_add(&sc->sc_bulk_tmo, 1); break; |