Enable adaptive timeouts by default, with adaptive.start of 60% of the

state limit and adaptive.end of 120% of the state limit.
Explicitly setting the adaptive timeouts will override the default,
and it can be disabled by setting both adaptive.start and adaptive.end to 0.

ok henning@

2 files changed, 6 insertions, 2 deletions

diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index ca3674c4ebc..d4485b8f4ca 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_ioctl.c,v 1.165 2006/03/04 22:40:16 brad Exp $ */
+/*	$OpenBSD: pf_ioctl.c,v 1.166 2006/05/28 02:45:45 mcbride Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -190,6 +190,8 @@ pfattach(int num)
 	timeout[PFTM_INTERVAL] = PFTM_INTERVAL_VAL;
 	timeout[PFTM_SRC_NODE] = PFTM_SRC_NODE_VAL;
 	timeout[PFTM_TS_DIFF] = PFTM_TS_DIFF_VAL;
+	timeout[PFTM_ADAPTIVE_START] = PFSTATE_ADAPT_START;
+	timeout[PFTM_ADAPTIVE_END] = PFSTATE_ADAPT_END;
 
 	pf_normalize_init();
 	bzero(&pf_status, sizeof(pf_status));
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index aeafa8a9b97..1d77ed28d92 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.234 2006/03/14 11:09:42 djm Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.235 2006/05/28 02:45:45 mcbride Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -611,6 +611,8 @@ struct pf_rule {
 #define PFRULE_IFBOUND		0x00010000	/* if-bound */
 
 #define PFSTATE_HIWAT		10000	/* default state table size */
+#define PFSTATE_ADAPT_START	6000	/* default adaptive timeout start */
+#define PFSTATE_ADAPT_END	12000	/* default adaptive timeout end */
 
 
 struct pf_threshold {