From owner-freebsd-pf@freebsd.org  Thu Nov 24 19:36:59 2016
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9D4E7C53EA0
 for <freebsd-pf@mailman.ysv.freebsd.org>; Thu, 24 Nov 2016 19:36:59 +0000 (UTC)
 (envelope-from patfbsd@davenulle.org)
Received: from sender163-mail.zoho.com (sender163-mail.zoho.com
 [74.201.84.163])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 781F41DA
 for <freebsd-pf@freebsd.org>; Thu, 24 Nov 2016 19:36:58 +0000 (UTC)
 (envelope-from patfbsd@davenulle.org)
Received: from baby-jane.lamaiziere.net (4.169.100.84.rev.sfr.net
 [84.100.169.4]) by mx.zohomail.com
 with SMTPS id 1480016207090658.360907885652;
 Thu, 24 Nov 2016 11:36:47 -0800 (PST)
Date: Thu, 24 Nov 2016 20:36:39 +0100
From: patrick lamaiziere <patfbsd@davenulle.org>
To: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject: pfsync(4) maxupd ?
Message-ID: <20161124203639.14abb3e0@baby-jane.lamaiziere.net>
X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.29; i386-portbld-freebsd10.1)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Nov 2016 19:36:59 -0000

Hello,

I'm asking about the goal of the parameter maxupd of pfsync, ie when we
should change it ?

At work we have a lot of states (~1 200 000) with many changes and it
looks like we lose some states deletion across pfysnc. Does an
augmentation of maxupd could help ? 

the manual :
The pfsync interface will attempt to collapse multiple state updates
into a single packet where possible.  The maximum number of times a
single state can be updated before a pfsync packet will be sent out is
con- trolled by the maxupd parameter to ifconfig (see ifconfig(8) and
the example below for more details).  The sending out of a pfsync
packet will be delayed by a maximum of one second.

Thanks, regards.