From: "Andrey V. Elsukov"
Date: Thu, 15 May 2008 13:52:30 +0400
To: Vivek Khera
Cc: freebsd-ipfw@freebsd.org, FreeBSD Stable
Subject: Re: how much memory does increasing max rules for IPFW take up?

Vivek Khera wrote:
> I had a box run out of dynamic state space yesterday. I found I can
> increase the number of dynamic rules by increasing the sysctl parameter
> net.inet.ip.fw.dyn_max. I can't find, however, how this affects memory
> usage on the system. Is it dynamically allocated and de-allocated, or
> is it a static memory buffer?

Each dynamic rule is allocated dynamically. Be careful, too many dynamic rules will work very slowly.

--
WBR, Andrey V. Elsukov
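
An added example, not part of the original message: a shell function that reads `sysctl net.inet.ip.fw` output and reports how close the dynamic-rule table is to `net.inet.ip.fw.dyn_max`, so exhaustion is noticed before new states are refused. The `dyn_count` and `curr_dyn_buckets` sysctls are taken from ipfw(8), not from this thread; the function name and the 80%/95% thresholds are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `sysctl net.inet.ip.fw` text on
# stdin and reports how full the ipfw dynamic-rule table is.
# WARN_PCT and CRIT_PCT are assumed thresholds; tune them for your host.
WARN_PCT=${WARN_PCT:-80}
CRIT_PCT=${CRIT_PCT:-95}

ipfw_dyn_report() {
    awk -v warn="$WARN_PCT" -v crit="$CRIT_PCT" '
        # sysctl prints "name: value"; pick out the counters we need
        $1 == "net.inet.ip.fw.dyn_count:"        { count = $2 }
        $1 == "net.inet.ip.fw.dyn_max:"          { max = $2 }
        $1 == "net.inet.ip.fw.curr_dyn_buckets:" { buckets = $2 }
        END {
            if (count == "" || max == "" || max + 0 <= 0) {
                print "UNKNOWN dyn_count/dyn_max missing from input"
                exit 3
            }
            pct = int(count * 100 / max)
            status = "OK"; rc = 0
            if (pct >= warn) { status = "WARN"; rc = 1 }
            if (pct >= crit) { status = "CRIT"; rc = 2 }
            line = sprintf("%s dyn_count=%d dyn_max=%d used=%d%%", \
                           status, count, max, pct)
            # Dynamic rules are kept in a hash table (ipfw(8)); count/buckets
            # is the average chain length a lookup has to walk.
            if (buckets + 0 > 0)
                line = line sprintf(" avg_chain=%.1f", count / buckets)
            print line
            exit rc
        }'
}

# On a FreeBSD host:  sysctl net.inet.ip.fw | ipfw_dyn_report
# Exit status: 0 OK, 1 WARN, 2 CRIT, 3 UNKNOWN (usable from cron or a monitor).
```

A rising `avg_chain` alongside a raised `dyn_max` is the condition the reply warns about: more states fit, but each lookup walks a longer chain.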