diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-06-21 16:45:38 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-06-21 16:45:38 +0000 |
| commit | 22e73ce17cd076c0283137385a099f5602006761 (patch) | |
| tree | 90ee68c20737fafad8b8386f726cc36efe32a937 /sys | |
| parent | 5d692b9ad6122991afa12698bc3d53b574ee66fa (diff) | |
To assist debugging TCP connection reuse with NAT, expand the
existing log in pf_state_key_attach() from the failed to the reuse
case.
OK mikeb@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 4a482e5baa7..f16a2e15ed4 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.977 2016/06/15 11:49:34 mpi Exp $ */ +/* $OpenBSD: pf.c,v 1.978 2016/06/21 16:45:37 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -669,34 +669,34 @@ pf_state_key_attach(struct pf_state_key *sk, struct pf_state *s, int idx) si->s->key[PF_SK_STACK]->af && sk->af == si->s->key[PF_SK_STACK]->af && si->s->direction != s->direction))) { + int reuse = 0; + if (sk->proto == IPPROTO_TCP && si->s->src.state >= TCPS_FIN_WAIT_2 && - si->s->dst.state >= TCPS_FIN_WAIT_2) { + si->s->dst.state >= TCPS_FIN_WAIT_2) + reuse = 1; + if (pf_status.debug >= LOG_NOTICE) { + log(LOG_NOTICE, + "pf: %s key attach %s on %s: ", + (idx == PF_SK_WIRE) ? + "wire" : "stack", + reuse ? "reuse" : "failed", + s->kif->pfik_name); + pf_print_state_parts(s, + (idx == PF_SK_WIRE) ? sk : NULL, + (idx == PF_SK_STACK) ? sk : NULL); + addlog(", existing: "); + pf_print_state_parts(si->s, + (idx == PF_SK_WIRE) ? sk : NULL, + (idx == PF_SK_STACK) ? sk : NULL); + addlog("\n"); + } + if (reuse) { si->s->src.state = si->s->dst.state = TCPS_CLOSED; /* remove late or sks can go away */ olds = si->s; } else { - if (pf_status.debug >= LOG_NOTICE) { - log(LOG_NOTICE, - "pf: %s key attach " - "failed on %s: ", - (idx == PF_SK_WIRE) ? - "wire" : "stack", - s->kif->pfik_name); - pf_print_state_parts(s, - (idx == PF_SK_WIRE) ? - sk : NULL, - (idx == PF_SK_STACK) ? - sk : NULL); - addlog(", existing: "); - pf_print_state_parts(si->s, - (idx == PF_SK_WIRE) ? - sk : NULL, - (idx == PF_SK_STACK) ? - sk : NULL); - addlog("\n"); - } pool_put(&pf_state_key_pl, sk); return (-1); /* collision! */ } |