author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-12-31 00:00:45 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-12-31 00:00:45 +0000 |
commit | b4b233f85561f5c69a711265330e0e2a3eb98152 (patch) | |
tree | a3b7aa49ec403b19776f5816e193d7db864f5f35 /sys/net | |
parent | c82488c2e804cec8c1624526915a96555fb18b28 (diff) |
Use a default state table limit of 10000 entries. This is safe for all
normal configurations, and sufficient for many. You can always increase
it, if you need more concurrent states and have enough memory (65000 for
64MB RAM, for instance). Suggested earlier by henning@. ok mcbride@
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pf.c | 4 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 5 |
2 files changed, 6 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index e0c0a874187..5f21e196d70 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.288 2002/12/29 20:07:34 cedric Exp $ */
+/* $OpenBSD: pf.c,v 1.289 2002/12/31 00:00:44 dhartmei Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -233,7 +233,7 @@ int pf_socket_lookup(uid_t *, gid_t *, int, sa_family_t, int, struct pf_pdesc *);
 struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] =
- { { &pf_state_pl, UINT_MAX }, { &pf_frent_pl, PFFRAG_FRENT_HIWAT } };
+ { { &pf_state_pl, 10000 }, { &pf_frent_pl, PFFRAG_FRENT_HIWAT } };
 #define STATE_TRANSLATE(s) \
 (s)->lan.addr.addr32[0] != (s)->gwy.addr.addr32[0] || \
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 496853a1698..6283a0abaaa 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.35 2002/12/30 02:24:35 henning Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.36 2002/12/31 00:00:44 dhartmei Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -109,6 +109,9 @@ pfattach(int num)
 pool_init(&pfr_kentry_pl, sizeof(struct pfr_kentry), 0, 0, 0, "pfr_kentry", NULL);
+ pool_sethardlimit(&pf_state_pl, pf_pool_limits[PF_LIMIT_STATES].limit,
+ NULL, 0);
+
 TAILQ_INIT(&pf_anchors);
 pf_init_ruleset(&pf_main_ruleset);
 TAILQ_INIT(&pf_altqs[0]); |
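Review bot: The new default in the `pf_pool_limits[]` initializer is a bare `10000`, while the fragment entry right beside it uses the named `PFFRAG_FRENT_HIWAT`. A named constant would keep the two entries parallel and give the default a single documented home, for example `#define PFSTATE_HIWAT 10000 /* default state table size */` and `{ { &pf_state_pl, PFSTATE_HIWAT }, { &pf_frent_pl, PFFRAG_FRENT_HIWAT } };`. A short comment there should say that the limit bounds the kernel memory spent on states, and that once it is reached new states presumably cannot be allocated, so the value trades memory exhaustion against refusing new connections under load. Where `PFFRAG_FRENT_HIWAT` is defined is not visible in this hunk, so the placement of the new define is a guess.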
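Review bot: The `pool_sethardlimit()` call added to pfattach() passes `NULL, 0` as its last two arguments, which in pool(9) are, as far as I recall, the warning message and its rate cap, so reaching the state limit would produce no log line. A full state table means new connections are refused, so an operator needs some signal to tell exhaustion from an ordinary outage; consider a rate-limited message such as `pool_sethardlimit(&pf_state_pl, pf_pool_limits[PF_LIMIT_STATES].limit, "pf: state table limit reached", 60);` (message text and interval are only a suggestion), or a comment naming the counter that records the condition if one exists elsewhere. The return value is also discarded; at attach time that is probably harmless, but a comment like `/* cannot fail here: no states are allocated yet */` would make it deliberate. pfattach() starts and ends outside the hunk, and the `pool_init()` for `pf_state_pl` is not visible, so the ordering of the two calls should be confirmed.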