CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2023/07/31 05:13:10
Modified files:
sys/net : pf.c if_pfsync.c if_pfsync.h
Log message:
don't let pfsync send an insert message for a state pfsync just inserted
sthen@ upgraded and ended up with a lot of pfsync traffic which was
mostly made up of the two firewalls telling each other to insert
the same state over and over again.
this has each of the paths that insert states (actual pf, ioctls,
and pfsync) identify themselves so pfsync can enter them into its
own state machine in the right place. when pfsync inserts a state
into pf, it knows it should just swallow the state silently without
sending out another insert for it.
ok sthen@ sashan@
