Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/pf/if_pfsync.c
Show First 20 Lines • Show All 574 Lines • ▼ Show 20 Lines | if (sp->expire) { | ||||
/* sp->expire may have been adaptively scaled by export. */ | /* sp->expire may have been adaptively scaled by export. */ | ||||
st->expire -= timeout - ntohl(sp->expire); | st->expire -= timeout - ntohl(sp->expire); | ||||
} | } | ||||
st->direction = sp->direction; | st->direction = sp->direction; | ||||
st->log = sp->log; | st->log = sp->log; | ||||
st->timeout = sp->timeout; | st->timeout = sp->timeout; | ||||
st->state_flags = sp->state_flags; | /* 8 from old peers, 16 bits from new peers */ | ||||
st->state_flags = sp->state_flags_compat | ntohs(sp->state_flags); | |||||
vegeta_tuxpowered.net: I've borrowed this idea of combining the 8- and 16-bit state flags from OpenBSD before I came… | |||||
if (r == &V_pf_default_rule) { | |||||
/* ToS and Prio are not sent over struct pfsync_state */ | |||||
st->state_flags &= ~PFSTATE_SETMASK; | |||||
} else { | |||||
/* Most actions are applied form state, not from rule. Until | |||||
* pfsync can forward all those actions and their parameters we | |||||
* must relay on restoring them from the found rule. | |||||
* It's a copy of pf_rule_to_actions() */ | |||||
st->qid = r->qid; | |||||
st->pqid = r->pqid; | |||||
st->rtableid = r->rtableid; | |||||
if (r->scrub_flags & PFSTATE_SETTOS) | |||||
st->set_tos = r->set_tos; | |||||
st->min_ttl = r->min_ttl; | |||||
st->max_mss = r->max_mss; | |||||
st->state_flags |= (r->scrub_flags & (PFSTATE_NODF|PFSTATE_RANDOMID| | |||||
PFSTATE_SETTOS|PFSTATE_SCRUB_TCP|PFSTATE_SETPRIO)); | |||||
st->dnpipe = r->dnpipe; | |||||
st->dnrpipe = r->dnrpipe; | |||||
/* FIXME: dnflags are not part of state, can't update them */ | |||||
} | |||||
st->id = sp->id; | st->id = sp->id; | ||||
st->creatorid = sp->creatorid; | st->creatorid = sp->creatorid; | ||||
pf_state_peer_ntoh(&sp->src, &st->src); | pf_state_peer_ntoh(&sp->src, &st->src); | ||||
pf_state_peer_ntoh(&sp->dst, &st->dst); | pf_state_peer_ntoh(&sp->dst, &st->dst); | ||||
st->rule.ptr = r; | st->rule.ptr = r; | ||||
st->nat_rule.ptr = NULL; | st->nat_rule.ptr = NULL; | ||||
▲ Show 20 Lines • Show All 2,138 Lines • Show Last 20 Lines |
I've borrowed this idea of combining the 8- and 16-bit state flags from OpenBSD before I came up with D39392. If D39392 gets approved, this part could be removed.