Details
- Reviewers
kp - Commits
- rG3ec4fbdd98f2: pf tests: Add test for max-src-states
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Add test for another source, describe tests better, check for source nodes in order-independent manner.
| tests/sys/netpfil/pf/src_track.sh | ||
|---|---|---|
| 153 | Shouldn't the third connection still succeed (because we set max-src-states 3)? I haven't looked very closely at this yet, but that jumped out at me. | |
| tests/sys/netpfil/pf/src_track.sh | ||
|---|---|---|
| 153 | That is how it works, pf stops creating new states after 2. I’ve looked at the code, it’s due to how struct pf_ksrc_node->states is abused for reference counting (or at least that is how I understand it). This counter is increased during source node creation and search, even before the state is really created. And then after increasing it’s compared using the >= operator. I have a patch which fixes this and multiple other issues, mostly related to unlocked access to source nodes. I hope to upload it soon. All the patches im sending in the last days are picked from that big patch. I can make another patch only to fix this off by one error, if you want it fixed separately. | |