Add optional pool memory hard limits, mainly as temporary solution

until pool exhaustion causes problems no more.

1 files changed, 20 insertions, 1 deletions

diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 74c1ef2e1b8..9e74d62a194 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pfctl.8,v 1.40 2002/02/11 18:43:51 mpech Exp $
+.\" $OpenBSD: pfctl.8,v 1.41 2002/02/26 07:25:33 dhartmei Exp $
 .\"
 .\" Copyright (c) 2001 Kjell Wooding.  All rights reserved.
 .\"
@@ -35,6 +35,7 @@
 .Op Fl dehnqvz
 .Op Fl F Ar modifier
 .Op Fl l Ar interface
+.Op Fl m Ar modifier
 .Op Fl N Ar file
 .Op Fl O Ar level
 .Op Fl R Ar file
@@ -114,6 +115,24 @@ Enable collection of packet and byte count statistics for interface named
 These statistics can be viewed with the
 .Fl s Ar info
 option.
+.It Fl m Ar modifier
+Gets or sets hard limits on the memory pools used by the packet filter.
+See
+.Xr pool 9
+for an explanation of memory pools.
+The modifier has the form name[=limit], where name specifies one of the
+following pools and limit is either a positive integer (maximum number
+of pool entries) or the string "inf" (removes the limit):
+.Bl -tag -width "m states[=limit] " -compact
+.It Fl m Ar states[=limit]
+Maximum number of entries in the memory pool used by state table
+entries (generated by 'keep state' rules).
+.It Fl m Ar frags[=limit]
+Maximum number of entries in the memory pool used for fragment
+caching (generated by 'scrub' rules).
+.It Fl m Ar all
+Display all maxima, cannot be set.
+.El
 .It Fl n
 Do not actually load rules, just parse them.
 .It Fl N Ar file