From 73173ba37325ae10f01bf3e7a90c33c109819308 Mon Sep 17 00:00:00 2001 From: Niels Provos Date: Thu, 28 Jun 2001 22:49:50 +0000 Subject: lower hiwat limits, enforce hi water mark --- sys/net/pf.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'sys/net/pf.c') diff --git a/sys/net/pf.c b/sys/net/pf.c index e0cba116363..17a01ce631d 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.86 2001/06/28 22:38:16 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.87 2001/06/28 22:49:49 provos Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -235,8 +235,8 @@ struct mbuf *pf_reassemble(struct mbuf **, struct pf_fragment *, r->dst.mask, h->ip_dst.s_addr)) \ ) -#define PFFRAG_FRENT_HIWAT 10000 /* Number of fragment entries */ -#define PFFRAG_FRAG_HIWAT 3000 /* Number of fragmented packets */ +#define PFFRAG_FRENT_HIWAT 5000 /* Number of fragment entries */ +#define PFFRAG_FRAG_HIWAT 1000 /* Number of fragmented packets */ int tree_key_compare(struct pf_tree_key *a, struct pf_tree_key *b) @@ -2311,8 +2311,12 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment *frag, struct pf_tree_key key; frag = pool_get(&pf_frag_pl, M_NOWAIT); - if (frag == NULL) - goto drop_fragment; + if (frag == NULL) { + pf_flush_fragments(); + frag = pool_get(&pf_frag_pl, M_NOWAIT); + if (frag == NULL) + goto drop_fragment; + } frag->fr_flags = 0; frag->fr_src = frent->fr_ip->ip_src; @@ -2537,6 +2541,8 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, struct ip *h, return (PF_DROP); } } + if (pf_nfrents > PFFRAG_FRENT_HIWAT) + pf_flush_fragments(); pf_nfrents++; frent->fr_ip = h; frent->fr_m = m; -- cgit v1.2.3