From owner-freebsd-net Sun Oct 22 9:17: 9 2000 Delivered-To: freebsd-net@freebsd.org Received: from ICSI.Berkeley.EDU (fruitcake.ICSI.Berkeley.EDU [192.150.186.11]) by hub.freebsd.org (Postfix) with ESMTP id 6AEB537B657 for ; Sun, 22 Oct 2000 09:17:07 -0700 (PDT) Received: from fondue.ICSI.Berkeley.EDU (fondue.ICSI.Berkeley.EDU [192.150.186.19]) by ICSI.Berkeley.EDU (8.9.0/8.9.0) with ESMTP id JAA11940; Sun, 22 Oct 2000 09:17:06 -0700 (PDT) Received: from localhost (rizzo@localhost) by fondue.ICSI.Berkeley.EDU (8.8.2/1.8) with ESMTP id JAA02598; Sun, 22 Oct 2000 09:17:06 -0700 (PDT) X-Authentication-Warning: fondue.ICSI.Berkeley.EDU: rizzo owned process doing -bs Date: Sun, 22 Oct 2000 09:17:06 -0700 (PDT) From: Luigi Rizzo To: Rudy Cc: freebsd-net@FreeBSD.ORG Subject: Re: '/kernel: Too many dynamic rules, sorry In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I got '/kernel: Too many dynamic rules, sorry' for the first time. > To got rid of keep-state on my port 80 and the problem went away. whether or not this is a solution depends on your requirements of course... though maybe it is not that useful to use keep-state with a web server where you basically want to have this accessible from the outside. > [2] Does primeness matter with net.inet.ip.fw.dyn_buckets? in the case of dynamic rules, a prime will not give you any advantage. the hash table is just a set of hash_size lists, and they are typically pretty full (the total number of entries is configurable but by default way larger than the number of hash slots). cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message