Skip to content

Commit

Permalink
kmod-oaf: accept if the client has sent 8 unmatched packets
Browse files Browse the repository at this point in the history
  • Loading branch information
@jjm2473
jjm2473 committed Mar 15, 2024
1 parent 25b5328 commit 9f00313
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions oaf/src/app_filter.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1117,10 +1117,9 @@ u_int32_t app_filter_hook_gateway_handle(struct sk_buff *skb, struct net_device
acct = nf_conn_acct_find(ct);
if(!acct)
return NF_ACCEPT;
total_packets = (unsigned long long)atomic64_read(&acct->counter[IP_CT_DIR_ORIGINAL].packets)
+ (unsigned long long)atomic64_read(&acct->counter[IP_CT_DIR_REPLY].packets);

if (total_packets > MAX_DPI_PKT_NUM) {
total_packets = (unsigned long long)atomic64_read(&acct->counter[IP_CT_DIR_ORIGINAL].packets);
if (total_packets > 8 ||
total_packets + (unsigned long long)atomic64_read(&acct->counter[IP_CT_DIR_REPLY].packets) > MAX_DPI_PKT_NUM) {
ct->mark |= NF_MARK_BIT;
return NF_ACCEPT;
}
Expand Down

0 comments on commit 9f00313

Please sign in to comment.