diff options
| author | Xin LI <delphij@FreeBSD.org> | 2009-12-24 00:43:44 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2009-12-24 00:43:44 +0000 |
| commit | dcc2b1ff467a89c005babf3948557776c63fc7e5 (patch) | |
| tree | 8b8e26c41e778334e32a9f2cec1e86d46a2b4619 /sys/contrib/pf/net/pfvar.h | |
| parent | bbb8e19daf2c41b99ff2776fec487011bf93e638 (diff) | |
| download | src-dcc2b1ff467a89c005babf3948557776c63fc7e5.tar.gz src-dcc2b1ff467a89c005babf3948557776c63fc7e5.zip | |
Adapt OpenBSD pf's "sloopy" TCP state machine which is useful for Direct
Server Return mode, where not all packets would be visible to the load
balancer or gateway.
This commit should be reverted when we merge future pf versions. The
benefit it would provide is that this version does not break any existing
public interface and thus won't be a problem if we want to MFC it to
earlier FreeBSD releases.
Discussed with: mlaier
Obtained from: OpenBSD
Sponsored by: iXsystems, Inc.
MFC after: 1 month
Notes
Notes:
svn path=/head/; revision=200930
Diffstat (limited to 'sys/contrib/pf/net/pfvar.h')
| -rw-r--r-- | sys/contrib/pf/net/pfvar.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/contrib/pf/net/pfvar.h b/sys/contrib/pf/net/pfvar.h index 32e721c5733f..de175b1a0213 100644 --- a/sys/contrib/pf/net/pfvar.h +++ b/sys/contrib/pf/net/pfvar.h @@ -700,6 +700,7 @@ struct pf_rule { /* rule flags again */ #define PFRULE_IFBOUND 0x00010000 /* if-bound */ +#define PFRULE_STATESLOPPY 0x00020000 /* sloppy state tracking */ #define PFSTATE_HIWAT 10000 /* default state table size */ #define PFSTATE_ADAPT_START 6000 /* default adaptive timeout start */ @@ -800,7 +801,9 @@ struct pf_state { u_int8_t pad; #endif u_int8_t log; - u_int8_t allow_opts; + u_int8_t state_flags; +#define PFSTATE_ALLOWOPTS 0x01 +#define PFSTATE_SLOPPY 0x02 u_int8_t timeout; u_int8_t sync_flags; #define PFSTATE_NOSYNC 0x01 |