summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2006-05-13 05:23:46 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2006-05-13 05:23:46 +0000
commitfb07e165f20c18393b7b21da077d5e5ee3e21462 (patch)
treea2ca0f2bdb89a3eb3201c9506d7020cf49ccf010 /sys
parent376a5da21bac660dd7a044219c50c02bdfb3cb5c (diff)
Avoid potential hash collisions and increase efficiency by doing an exact
comparison of the TDB before collapsing multiple updates. Another ipsec failover fix from Nathanael <list-openbsd-tech@polymorpheus.com>
Diffstat (limited to 'sys')
-rw-r--r--sys/net/if_pfsync.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index 96c51a8b908..7f907254a71 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.63 2006/05/06 18:31:00 mcbride Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.64 2006/05/13 05:23:45 mcbride Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -1640,12 +1640,12 @@ pfsync_update_tdb(struct tdb *tdb)
*/
struct pfsync_tdb *u =
(void *)((char *)h + PFSYNC_HDRLEN);
- int hash = tdb_hash(tdb->tdb_spi, &tdb->tdb_dst,
- tdb->tdb_sproto);
for (i = 0; !pt && i < h->count; i++) {
- if (tdb_hash(u->spi, &u->dst,
- u->sproto) == hash) {
+ if (tdb->tdb_spi == u->spi &&
+ tdb->tdb_sproto == u->sproto &&
+ !bcmp(&tdb->tdb_dst, &u->dst,
+ SA_LEN(&u->dst.sa))) {
pt = u;
pt->updates++;
}