Date: Thu, 12 Jul 2018 16:35:35 +0000 (UTC) From: Kristof Provost <kp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r336221 - head/sys/net Message-ID: <201807121635.w6CGZZAN046919@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kp Date: Thu Jul 12 16:35:35 2018 New Revision: 336221 URL: https://svnweb.freebsd.org/changeset/base/336221 Log: pf: Increate default state table size The typical system now has a lot more memory than when pf was new, and is also expected to handle more connections. Increase the default size of the state table. Note that users can overrule this using 'set limit states' in pf.conf. From OpenBSD: The year is 2018. Mercury, Bowie, Cash, Motorola and DEC all left us. Just pf still has a default state table limit of 10000. Had! Now it's a tiny little bit more, 100k. lead guitar: me ok chorus: phessler theo claudio benno background school girl laughing: bob Obtained from: OpenBSD Modified: head/sys/net/pfvar.h Modified: head/sys/net/pfvar.h ============================================================================== --- head/sys/net/pfvar.h Thu Jul 12 16:19:17 2018 (r336220) +++ head/sys/net/pfvar.h Thu Jul 12 16:35:35 2018 (r336221) @@ -621,9 +621,9 @@ struct pf_rule { #define PFRULE_IFBOUND 0x00010000 /* if-bound */ #define PFRULE_STATESLOPPY 0x00020000 /* sloppy state tracking */ -#define PFSTATE_HIWAT 10000 /* default state table size */ -#define PFSTATE_ADAPT_START 6000 /* default adaptive timeout start */ -#define PFSTATE_ADAPT_END 12000 /* default adaptive timeout end */ +#define PFSTATE_HIWAT 100000 /* default state table size */ +#define PFSTATE_ADAPT_START 60000 /* default adaptive timeout start */ +#define PFSTATE_ADAPT_END 102000 /* default adaptive timeout end */ struct pf_threshold {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807121635.w6CGZZAN046919>