From: henning Date: Tue, 10 Jul 2018 13:01:38 +0000 (+0000) Subject: in pf_set_protostate(), only decrement the half-open states counter when X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=d1b124b3fdd3f51fd21b605bf0d60070c58b27ea;p=openbsd in pf_set_protostate(), only decrement the half-open states counter when the state was created on this host, i. e. not for those pfsync-imported. whether pfsync-imported states should be accounted is a seperate discussion, but as things are, we only increment the counter in pf_create_state(), and imported states don't excercise that path. probably fixes the half-open states accounting underflow-wraparounds that some people have been seeing. ok sashan --- diff --git a/sys/net/pf.c b/sys/net/pf.c index 1a523239ca2..da62df2a060 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1069 2018/07/10 09:28:27 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.1070 2018/07/10 13:01:38 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -402,7 +402,7 @@ pf_set_protostate(struct pf_state *s, int which, u_int8_t newstate) if (s->src.state == newstate) return; - if (s->key[PF_SK_STACK] != NULL && + if (s->creatorid == pf_status.hostid && s->key[PF_SK_STACK] != NULL && s->key[PF_SK_STACK]->proto == IPPROTO_TCP && !(TCPS_HAVEESTABLISHED(s->src.state) || s->src.state == TCPS_CLOSED) &&