From 7b376b4859578f9a85ceb479b00d2d131f62b9c4 Mon Sep 17 00:00:00 2001 From: Henning Brauer Date: Thu, 8 Feb 2018 09:15:47 +0000 Subject: make the watermarks/thresholds for entering and leaving syncookie mode when syncookies are set to adaptive tunable, ok claudio benno --- sys/net/pf_syncookies.c | 6 +++--- sys/net/pfvar.h | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'sys') diff --git a/sys/net/pf_syncookies.c b/sys/net/pf_syncookies.c index 14becfb2b30..63d15f12bc2 100644 --- a/sys/net/pf_syncookies.c +++ b/sys/net/pf_syncookies.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_syncookies.c,v 1.4 2018/02/08 02:25:44 henning Exp $ */ +/* $OpenBSD: pf_syncookies.c,v 1.5 2018/02/08 09:15:46 henning Exp $ */ /* Copyright (c) 2016,2017 Henning Brauer * Copyright (c) 2016 Alexandr Nedvedicky @@ -132,8 +132,8 @@ pf_syncookies_init(void) { timeout_set(&pf_syncookie_status.keytimeout, pf_syncookie_rotate, NULL); - pf_syncookie_status.hiwat = PFSTATE_HIWAT/4; - pf_syncookie_status.lowat = PFSTATE_HIWAT/8; + pf_syncookie_status.hiwat = PFSTATE_HIWAT * PF_SYNCOOKIES_HIWATPCT/100; + pf_syncookie_status.lowat = PFSTATE_HIWAT * PF_SYNCOOKIES_LOWATPCT/100; pf_syncookies_setmode(PF_SYNCOOKIES_NEVER); } diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 7ec2d91da41..fb245426ef4 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.473 2018/02/08 02:25:44 henning Exp $ */ +/* $OpenBSD: pfvar.h,v 1.474 2018/02/08 09:15:46 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1326,6 +1326,9 @@ struct pf_status { #define PF_SYNCOOKIES_ADAPTIVE 2 #define PF_SYNCOOKIES_MODE_MAX PF_SYNCOOKIES_ADAPTIVE +#define PF_SYNCOOKIES_HIWATPCT 25 +#define PF_SYNCOOKIES_LOWATPCT PF_SYNCOOKIES_HIWATPCT/2 + #define PF_PRIO_ZERO 0xff /* match "prio 0" packets */ struct pf_queue_bwspec { -- cgit v1.2.3