CVSROOT: /cvs
Module name: src
Changes by: cami...@cvs.openbsd.org 2011/11/09 05:36:03
Modified files:
sys/net : if_pfsync.c
Log message:
State expire time is a baseline time ("last active") for expiry
calculations, and does _not_ denote the time when to expire. So
it should never be added to (set into the future).
Try to reconstruct it with an educated guess on state import and
just set it to the current time on state updates.
This fixes a problem on pfsync listeners where the expiry time
could be double the expected value and cause a lot more states
to linger.
Timeout code from mikeb.
Found and testing by Maxim Bourmistrov.
ok mikeb dlg
