1
|
diff --git a/sbin/ifconfig/ifpfsync.c b/sbin/ifconfig/ifpfsync.c
|
2
|
index 0af89e2..2b55f95 100644
|
3
|
--- a/sbin/ifconfig/ifpfsync.c
|
4
|
+++ b/sbin/ifconfig/ifpfsync.c
|
5
|
@@ -203,7 +203,8 @@ pfsync_status(int s)
|
6
|
if (preq.pfsyncr_syncdev[0] != '\0' ||
|
7
|
preq.pfsyncr_syncpeer.s_addr != INADDR_PFSYNC_GROUP) {
|
8
|
printf("maxupd: %d ", preq.pfsyncr_maxupdates);
|
9
|
- printf("defer: %s\n", preq.pfsyncr_defer ? "on" : "off");
|
10
|
+ printf("defer: %s\n", (preq.pfsyncr_defer & PFSYNCF_DEFER) ? "on" : "off");
|
11
|
+ printf("syncok: %d\n", (preq.pfsyncr_defer & PFSYNCF_OK) ? 1 : 0);
|
12
|
}
|
13
|
}
|
14
|
|
15
|
diff --git a/sys/net/if_pfsync.h b/sys/net/if_pfsync.h
|
16
|
index 7a72bbb..ef8ba1f 100644
|
17
|
--- a/sys/net/if_pfsync.h
|
18
|
+++ b/sys/net/if_pfsync.h
|
19
|
@@ -241,6 +241,9 @@ struct pfsyncreq {
|
20
|
char pfsyncr_syncdev[IFNAMSIZ];
|
21
|
struct in_addr pfsyncr_syncpeer;
|
22
|
int pfsyncr_maxupdates;
|
23
|
+#define PFSYNCF_OK 0x00000001
|
24
|
+#define PFSYNCF_DEFER 0x00000002
|
25
|
+#define PFSYNCF_PUSH 0x00000004
|
26
|
int pfsyncr_defer;
|
27
|
};
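Review bot: `pfsyncr_defer` keeps its old name, but with the PFSYNCF_* values now defined next to it the member evidently carries a flag word rather than a boolean, and nothing in the struct says so. Add a comment on the member, for example `int pfsyncr_defer; /* PFSYNCF_* flags, not a boolean */`. Moving all three defines into this header also exports PFSYNCF_PUSH, which looks like internal softc state; consider leaving that one beside `sc_flags` unless userland needs it. struct pfsyncreq begins outside the hunk.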
|
28
|
|
29
|
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
|
30
|
index 2afb668..876c281 100644
|
31
|
--- a/sys/netpfil/pf/if_pfsync.c
|
32
|
+++ b/sys/netpfil/pf/if_pfsync.c
|
33
|
@@ -185,9 +185,6 @@ struct pfsync_softc {
|
34
|
struct ip_moptions sc_imo;
|
35
|
struct in_addr sc_sync_peer;
|
36
|
uint32_t sc_flags;
|
37
|
-#define PFSYNCF_OK 0x00000001
|
38
|
-#define PFSYNCF_DEFER 0x00000002
|
39
|
-#define PFSYNCF_PUSH 0x00000004
|
40
|
uint8_t sc_maxupdates;
|
41
|
struct ip sc_template;
|
42
|
struct callout sc_tmo;
|
43
|
@@ -1297,8 +1294,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
44
|
}
|
45
|
pfsyncr.pfsyncr_syncpeer = sc->sc_sync_peer;
|
46
|
pfsyncr.pfsyncr_maxupdates = sc->sc_maxupdates;
|
47
|
- pfsyncr.pfsyncr_defer = (PFSYNCF_DEFER ==
|
48
|
- (sc->sc_flags & PFSYNCF_DEFER));
|
49
|
+ pfsyncr.pfsyncr_defer = sc->sc_flags;
|
50
|
PFSYNC_UNLOCK(sc);
|
51
|
return (copyout(&pfsyncr, ifr->ifr_data, sizeof(pfsyncr)));
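Review bot: `pfsyncr.pfsyncr_defer = sc->sc_flags;` changes the meaning of a field that used to be 0 or 1, so any consumer that still treats it as a boolean will read "defer on" whenever PFSYNCF_OK or PFSYNCF_PUSH is set. The set side of this ioctl is outside the hunk; if it still tests `pfsyncr_defer` for non-zero, a get-modify-set sequence from userland would switch deferral on unintentionally, so it should test `pfsyncr.pfsyncr_defer & PFSYNCF_DEFER`. Masking the copy to the bits meant for userland, e.g. `pfsyncr.pfsyncr_defer = sc->sc_flags & (PFSYNCF_OK | PFSYNCF_DEFER);`, would also keep internal state out of the interface. pfsyncioctl begins and ends outside the hunk.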
|
52
|
|
53
|
@@ -1620,6 +1616,7 @@ pfsync_sendout(int schedswi)
|
54
|
sc->sc_ifp->if_obytes += m->m_pkthdr.len;
|
55
|
sc->sc_len = PFSYNC_MINPKT;
|
56
|
|
57
|
+ /* XXX: SHould not drop voluntarily update packets! */
|
58
|
if (!_IF_QFULL(&sc->sc_ifp->if_snd))
|
59
|
_IF_ENQUEUE(&sc->sc_ifp->if_snd, m);
|
60
|
else {
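Review bot: The added comment has a typo and does not say which condition causes the drop; suggested wording is `/* XXX: should not voluntarily drop update packets when the send queue is full */`. The else branch that handles the full queue continues outside the hunk, so whether the drop is counted cannot be seen here. If it is not, a counter would let an operator notice that a peer is missing state updates.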
|
61
|
@@ -1648,6 +1645,10 @@ pfsync_insert_state(struct pf_state *st)
|
62
|
("%s: st->sync_state %u", __func__, st->sync_state));
|
63
|
|
64
|
PFSYNC_LOCK(sc);
|
65
|
+ if (sc == NULL || !(sc->sc_ifp->if_flags & IFF_DRV_RUNNING)) {
|
66
|
+ PFSYNC_UNLOCK(sc);
|
67
|
+ return;
|
68
|
+ }
|
69
|
if (sc->sc_len == PFSYNC_MINPKT)
|
70
|
callout_reset(&sc->sc_tmo, 1 * hz, pfsync_timeout, V_pfsyncif);
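Review bot: The added `sc == NULL` test comes after `PFSYNC_LOCK(sc)` and its branch calls `PFSYNC_UNLOCK(sc)`, so if the lock macros dereference `sc` (their definitions are outside this hunk) a NULL softc faults before the guard can help. Test for NULL first, then take the lock and check the running state, as in the excerpt below; the same pattern is repeated in the pfsync_update_state, pfsync_delete_state and pfsync_clear_states hunks. Also confirm the flag word: on FreeBSD IFF_DRV_RUNNING is normally kept in `if_drv_flags`, and testing it against `if_flags` may make all four paths return early every time. pfsync_insert_state begins and ends outside the hunk.

```c
	/* … unchanged: KASSERT on st->sync_state … */
	if (sc == NULL)
		return;

	PFSYNC_LOCK(sc);
	/* if_drv_flags assumed to be the right word for IFF_DRV_RUNNING; confirm */
	if (!(sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING)) {
		PFSYNC_UNLOCK(sc);
		return;
	}
	/* … unchanged: callout_reset when sc_len == PFSYNC_MINPKT … */
```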
|
71
|
|
72
|
@@ -1742,6 +1743,7 @@ pfsync_defer_tmo(void *arg)
|
73
|
free(pd, M_PFSYNC);
|
74
|
PFSYNC_UNLOCK(sc);
|
75
|
|
76
|
+ m->m_flags |= M_SKIP_FIREWALL;
|
77
|
ip_output(m, NULL, NULL, 0, NULL, NULL);
|
78
|
|
79
|
pf_release_state(st);
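Review bot: `m->m_flags |= M_SKIP_FIREWALL;` makes the released packet bypass packet filtering on output, and there is no comment recording why that is safe. A line such as `/* already accepted by pf before it was deferred; do not filter it again */` would state the assumption. The flag is presumably honoured by every firewall hook and not only pf, so rules in another filter would be skipped as well; that is worth confirming. Any other path that sends deferred packets (outside this hunk) should mark the mbuf the same way to stay consistent. pfsync_defer_tmo begins and ends outside the hunk.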
|
80
|
@@ -1777,6 +1779,10 @@ pfsync_update_state(struct pf_state *st)
|
81
|
PF_STATE_LOCK_ASSERT(st);
|
82
|
PFSYNC_LOCK(sc);
|
83
|
|
84
|
+ if (sc == NULL || !(sc->sc_ifp->if_flags & IFF_DRV_RUNNING)) {
|
85
|
+ PFSYNC_UNLOCK(sc);
|
86
|
+ return;
|
87
|
+ }
|
88
|
if (st->state_flags & PFSTATE_ACK)
|
89
|
pfsync_undefer_state(st, 0);
|
90
|
if (st->state_flags & PFSTATE_NOSYNC) {
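Review bot: The early return sits above the `PFSTATE_ACK` handling, so when the interface is not running a state with a deferred packet no longer reaches `pfsync_undefer_state(st, 0)` here; the pfsync_delete_state hunk skips `pfsync_undefer_state(st, 1)` in the same way. If the deferral is then released only by the timeout path, say so in a comment such as `/* not running: deferred packets are released by pfsync_defer_tmo */`, or move the running check below the undefer call. For the delete path, confirm against the code outside the hunk that a deferral cannot keep referring to a state that is being removed. pfsync_update_state begins and ends outside the hunk.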
|
91
|
@@ -1902,6 +1908,10 @@ pfsync_delete_state(struct pf_state *st)
|
92
|
struct pfsync_softc *sc = V_pfsyncif;
|
93
|
|
94
|
PFSYNC_LOCK(sc);
|
95
|
+ if (sc == NULL || !(sc->sc_ifp->if_flags & IFF_DRV_RUNNING)) {
|
96
|
+ PFSYNC_UNLOCK(sc);
|
97
|
+ return;
|
98
|
+ }
|
99
|
if (st->state_flags & PFSTATE_ACK)
|
100
|
pfsync_undefer_state(st, 1);
|
101
|
if (st->state_flags & PFSTATE_NOSYNC) {
|
102
|
@@ -1955,6 +1965,10 @@ pfsync_clear_states(u_int32_t creatorid, const char *ifname)
|
103
|
r.clr.creatorid = creatorid;
|
104
|
|
105
|
PFSYNC_LOCK(sc);
|
106
|
+ if (sc == NULL || !(sc->sc_ifp->if_flags & IFF_DRV_RUNNING)) {
|
107
|
+ PFSYNC_UNLOCK(sc);
|
108
|
+ return;
|
109
|
+ }
|
110
|
pfsync_send_plus(&r, sizeof(r));
|
111
|
PFSYNC_UNLOCK(sc);
|
112
|
}
|