diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2021-07-24 11:59:34 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2021-09-29 13:11:54 +0000 |
| commit | bf8637181a2bb81206ff8c685f1632d07b8feb13 (patch) | |
| tree | 0f9b99ef31c7bcac7e230aa8e980e1cc7aab0316 /sys/net | |
| parent | 4a331971d2f1083f35b87197da0614fa3e0e53cb (diff) | |
| download | src-bf8637181a2bb81206ff8c685f1632d07b8feb13.tar.gz src-bf8637181a2bb81206ff8c685f1632d07b8feb13.zip | |
pf: implement adaptive mode
Use atomic counters to ensure that we correctly track the number of half
open states and syncookie responses in-flight.
This determines if we activate or deactivate syncookies in adaptive
mode.
MFC after: 1 week
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D32134
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pfvar.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index b2c177fba68c..90ef19c59172 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1382,7 +1382,8 @@ struct pf_pdesc { enum pf_syncookies_mode { PF_SYNCOOKIES_NEVER = 0, PF_SYNCOOKIES_ALWAYS = 1, - PF_SYNCOOKIES_MODE_MAX = PF_SYNCOOKIES_ALWAYS + PF_SYNCOOKIES_ADAPTIVE = 2, + PF_SYNCOOKIES_MODE_MAX = PF_SYNCOOKIES_ADAPTIVE }; #ifdef _KERNEL @@ -1402,6 +1403,8 @@ struct pf_kstatus { bool keep_counters; enum pf_syncookies_mode syncookies_mode; bool syncookies_active; + uint64_t syncookies_inflight[2]; + uint32_t states_halfopen; }; #endif |