CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2020/08/24 09:41:15
Modified files:
sys/net : pf_ioctl.c
Log message:
Rehash main ruleset after rule expiration
When "once" rules expire, they are removed from the active ruleset,
hence the main ruleset needs to be rehashed iff itself contains once rules.
After the previous commit, pf_setup_pfsync_matching() became much simpler
but its name even less accurate; simplify it further and rename it to
pf_calc_chksum() while here.
Admins using "once" rules in combination with pfsync(4) are hopefully aware
of this caveat (self-changing rulesets) already, but now the checksum in
"pfctl -v -s info" actually indicates out-of-sync rulesets and is no longer
misleading.
OK sashan
