Page MenuHomeFreeBSD

libpfctl: improve syncookie watermark calculation
ClosedPublic

Authored by kp on Sep 8 2022, 8:54 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 21, 3:44 AM
Unknown Object (File)
Oct 4 2024, 7:44 PM
Unknown Object (File)
Oct 1 2024, 8:19 PM
Unknown Object (File)
Sep 29 2024, 7:18 AM
Unknown Object (File)
Sep 23 2024, 7:45 PM
Unknown Object (File)
Sep 23 2024, 12:13 PM
Unknown Object (File)
Sep 23 2024, 12:22 AM
Unknown Object (File)
Sep 22 2024, 11:17 AM
Subscribers

Details

Summary

Ensure that we always pass sane limits for the high and low watermark
values.
This is especially important if users do something silly, like set the
state limit to 1. In that case we wound up calculating 0/0 as a limit,
which gets rejected by the kernel.

While here also shift the calculation to use uint64_t, so we don't end
up with overflows (and subsequently higher low than high values) with
very large state limits.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 47295
Build 44182: arc lint + arc unit

Event Timeline

kp requested review of this revision.Sep 8 2022, 8:54 PM
This revision was not accepted when it landed; it landed in state Needs Review.Sep 12 2022, 8:21 AM
This revision was automatically updated to reflect the committed changes.