From 2636ba4d03b5820a31224e0fede7a743a94b5348 Mon Sep 17 00:00:00 2001 From: "Andrey V. Elsukov" Date: Tue, 27 Nov 2018 16:51:01 +0000 Subject: [PATCH] Do not limit the mbuf queue length for keepalive packets. It was unlimited before overhaul, and one user reported that this limit can be reached easily. PR: 233562 MFC after: 1 week --- sys/netpfil/ipfw/ip_fw_dynamic.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index 5035cadeafe0..a540593dacc1 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -349,7 +349,6 @@ VNET_DEFINE_STATIC(uint32_t, dyn_short_lifetime); * dyn_rst_lifetime and dyn_fin_lifetime should be strictly lower * than dyn_keepalive_period. */ -#define DYN_KEEPALIVE_MAXQ 512 VNET_DEFINE_STATIC(uint32_t, dyn_keepalive_interval); VNET_DEFINE_STATIC(uint32_t, dyn_keepalive_period); VNET_DEFINE_STATIC(uint32_t, dyn_keepalive); @@ -2351,7 +2350,7 @@ dyn_send_keepalive_ipv4(struct ip_fw_chain *chain) struct dyn_ipv4_state *s; uint32_t bucket; - mbufq_init(&q, DYN_KEEPALIVE_MAXQ); + mbufq_init(&q, INT_MAX); IPFW_UH_RLOCK(chain); /* * It is safe to not use hazard pointer and just do lockless @@ -2458,7 +2457,7 @@ dyn_send_keepalive_ipv6(struct ip_fw_chain *chain) struct dyn_ipv6_state *s; uint32_t bucket; - mbufq_init(&q, DYN_KEEPALIVE_MAXQ); + mbufq_init(&q, INT_MAX); IPFW_UH_RLOCK(chain); /* * It is safe to not use hazard pointer and just do lockless