svn commit: r246822 - in head/sys: net netpfil/pf
Gleb Smirnoff
glebius at FreeBSD.org
Fri Feb 15 09:03:57 UTC 2013
Author: glebius
Date: Fri Feb 15 09:03:56 2013
New Revision: 246822
URL: http://svnweb.freebsd.org/changeset/base/246822
Log:
Finish r244185. This fixes the ever-growing counter of pfsync bad
length packets, which was actually harmless.
Note that peers running a different version of head/ may grow this
counter, but it is harmless - all pfsync data is processed.
Reported & tested by: Anton Yuzhaninov <citrin citrin.ru>
Sponsored by: Nginx, Inc
Modified:
head/sys/net/if_pfsync.h
head/sys/netpfil/pf/if_pfsync.c
Modified: head/sys/net/if_pfsync.h
==============================================================================
--- head/sys/net/if_pfsync.h Fri Feb 15 07:58:51 2013 (r246821)
+++ head/sys/net/if_pfsync.h Fri Feb 15 09:03:56 2013 (r246822)
@@ -67,8 +67,6 @@
#define PFSYNC_ACT_EOF 12 /* end of frame */
#define PFSYNC_ACT_MAX 13
-#define PFSYNC_HMAC_LEN 20
-
/*
* A pfsync frame is built from a header followed by several sections which
* are all prefixed with their own subheaders. Frames must be terminated with
@@ -205,18 +203,8 @@ struct pfsync_tdb {
u_int8_t _pad[2];
} __packed;
-/*
- * EOF
- */
-
-struct pfsync_eof {
- u_int8_t hmac[PFSYNC_HMAC_LEN];
-} __packed;
-
#define PFSYNC_HDRLEN sizeof(struct pfsync_header)
-
-
/*
* Names for PFSYNC sysctl objects
*/
Modified: head/sys/netpfil/pf/if_pfsync.c
==============================================================================
--- head/sys/netpfil/pf/if_pfsync.c Fri Feb 15 07:58:51 2013 (r246821)
+++ head/sys/netpfil/pf/if_pfsync.c Fri Feb 15 09:03:56 2013 (r246822)
@@ -99,8 +99,7 @@ __FBSDID("$FreeBSD$");
#define PFSYNC_MINPKT ( \
sizeof(struct ip) + \
sizeof(struct pfsync_header) + \
- sizeof(struct pfsync_subheader) + \
- sizeof(struct pfsync_eof))
+ sizeof(struct pfsync_subheader) )
struct pfsync_pkt {
struct ip *ip;
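Review bot: The new `PFSYNC_MINPKT` carries no comment saying what it bounds, and it now accepts a frame that ends right after the first subheader, so every section's payload length has to be checked against the remaining data in the input path; that code is outside this hunk and should be confirmed. I would add above the macro `/* Smallest valid frame: IP header, pfsync header and one subheader; no EOF trailer is required. */`. The log says peers on a different head/ still bump the bad-length counter, presumably because of the old trailer, so the comment could also say that such frames are expected during mixed-version operation. The stray space in `sizeof(struct pfsync_subheader) )` should go, giving `sizeof(struct pfsync_subheader))`. `struct pfsync_pkt` continues past the end of the hunk.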