diff options
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 9 | ||||
| -rw-r--r-- | sys/net/pf_ioctl.c | 14 | ||||
| -rw-r--r-- | sys/net/pf_table.c | 4 |
3 files changed, 14 insertions, 13 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 9cc42939eaf..887b9405263 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.470 2004/12/07 10:33:41 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.471 2004/12/07 18:02:03 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -635,7 +635,7 @@ pf_src_connlimit(struct pf_state **state) pf_add_threshold(&(*state)->src_node->conn_rate); if ((*state)->rule.ptr->max_src_conn && - (*state)->rule.ptr->max_src_conn < + (*state)->rule.ptr->max_src_conn < (*state)->src_node->conn) { pf_status.lcounters[LCNT_SRCCONN]++; bad++; @@ -684,7 +684,7 @@ pf_src_connlimit(struct pf_state **state) /* kill existing states if that's required. */ if ((*state)->rule.ptr->flush) { pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; - + RB_FOREACH(s, pf_state_tree_id, &tree_id) { /* * Kill states from this source. (Only those @@ -3861,7 +3861,8 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct pfi_kif *kif, r = TAILQ_NEXT(r, entries); else if (r->prob && r->prob <= arc4random()) r = TAILQ_NEXT(r, entries); - else if (r->match_tag && !pf_match_tag(m, r, NULL, &pftag, &tag)) + else if (r->match_tag && + !pf_match_tag(m, r, NULL, &pftag, &tag)) r = TAILQ_NEXT(r, entries); else { if (r->anchor == NULL) { diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index f38430afe50..cbfbdb1992e 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.134 2004/12/05 10:46:26 dhartmei Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.135 2004/12/07 18:02:04 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2651,15 +2651,15 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) pstore.expire -= secs; else pstore.expire = 0; - + /* adjust the connection rate estimate */ diff = secs - n->conn_rate.last; - if (diff >= n->conn_rate.seconds) - pstore.conn_rate.count = 0; - else - pstore.conn_rate.count -= + if (diff >= n->conn_rate.seconds) + pstore.conn_rate.count = 0; + else + pstore.conn_rate.count -= n->conn_rate.count * diff / - n->conn_rate.seconds; + n->conn_rate.seconds; error = copyout(&pstore, p, sizeof(*p)); if (error) diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c index e01ad9fdb7d..621809a3b0e 100644 --- a/sys/net/pf_table.c +++ b/sys/net/pf_table.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_table.c,v 1.61 2004/12/04 07:49:48 mcbride Exp $ */ +/* $OpenBSD: pf_table.c,v 1.62 2004/12/07 18:02:04 mcbride Exp $ */ /* * Copyright (c) 2002 Cedric Berger @@ -865,7 +865,7 @@ pfr_insert_kentry(struct pfr_ktable *kt, struct pfr_addr *ad, long tzero) p = pfr_lookup_addr(kt, ad, 1); if (p != NULL) return (0); - p = pfr_create_kentry(ad, 1); + p = pfr_create_kentry(ad, 1); if (p == NULL) return (EINVAL); |