summaryrefslogtreecommitdiff
path: root/sys/net
diff options
context:
space:
mode:
authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-12-31 00:00:45 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-12-31 00:00:45 +0000
commitb4b233f85561f5c69a711265330e0e2a3eb98152 (patch)
treea3b7aa49ec403b19776f5816e193d7db864f5f35 /sys/net
parentc82488c2e804cec8c1624526915a96555fb18b28 (diff)
Use a default state table limit of 10000 entries. This is safe for all
normal configurations, and sufficient for many. You can always increase it, if you need more concurrent states and have enough memory (65000 for 64MB RAM, for instance). Suggested earlier by henning@. ok mcbride@
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf.c4
-rw-r--r--sys/net/pf_ioctl.c5
2 files changed, 6 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index e0c0a874187..5f21e196d70 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.288 2002/12/29 20:07:34 cedric Exp $ */
+/* $OpenBSD: pf.c,v 1.289 2002/12/31 00:00:44 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -233,7 +233,7 @@ int pf_socket_lookup(uid_t *, gid_t *, int, sa_family_t,
int, struct pf_pdesc *);
struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] =
- { { &pf_state_pl, UINT_MAX }, { &pf_frent_pl, PFFRAG_FRENT_HIWAT } };
+ { { &pf_state_pl, 10000 }, { &pf_frent_pl, PFFRAG_FRENT_HIWAT } };
#define STATE_TRANSLATE(s) \
(s)->lan.addr.addr32[0] != (s)->gwy.addr.addr32[0] || \
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 496853a1698..6283a0abaaa 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.35 2002/12/30 02:24:35 henning Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.36 2002/12/31 00:00:44 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -109,6 +109,9 @@ pfattach(int num)
pool_init(&pfr_kentry_pl, sizeof(struct pfr_kentry), 0, 0, 0,
"pfr_kentry", NULL);
+ pool_sethardlimit(&pf_state_pl, pf_pool_limits[PF_LIMIT_STATES].limit,
+ NULL, 0);
+
TAILQ_INIT(&pf_anchors);
pf_init_ruleset(&pf_main_ruleset);
TAILQ_INIT(&pf_altqs[0]);