Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 19 Sep 2005 15:48:25 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-net@freebsd.org
Cc:        Andre <andre@netvision.com.br>
Subject:   Re: PF and "set limit src-nodes" error.
Message-ID:  <200509191548.37693.max@love2party.net>
In-Reply-To: <432E0908.8030101@netvision.com.br>
References:  <432E0908.8030101@netvision.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help 
--nextPart1266059.rOltI5Ykkl
Content-Type: multipart/mixed;
  boundary="Boundary-01=_wGsLDM4vk3VJOZT"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--Boundary-01=_wGsLDM4vk3VJOZT
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Monday 19 September 2005 02:40, Andre wrote:
> I can't set 'limit src-nodes' with pfctl on a FreeBSD 5.4-RELEASE
> system. This is the error I get:
>
> # echo "set limit src-nodes 1000" | pfctl -f -
> pfctl: DIOCSETLIMIT: Invalid argument
>
> I'm able to set 'states' and 'frags' just fine:
>
> # echo "set limit { states 50000, frags 2000 }" | pfctl -f -
>
> Since 'limit src-nodes' is documented in the pf.conf(5) man page, my
> guess is I'm missing something in the kernel configuration. I'm running
> GENERIC with the following additions:
>
> device          pf
> device          pflog
> device          pfsync
>
> Anything else I should have put in there?

Can you please try the attached patch and report back.  Seems like I missed=
 an=20
initialization there :-\

Thanks.

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--Boundary-01=_wGsLDM4vk3VJOZT
Content-Type: text/x-diff;
  charset="iso-8859-1";
  name="pf_ioctl.c.diff"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="pf_ioctl.c.diff"

Index: pf_ioctl.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pf_ioctl.c,v
retrieving revision 1.12.2.7
diff -u -r1.12.2.7 pf_ioctl.c
=2D-- pf_ioctl.c	12 Sep 2005 14:46:55 -0000	1.12.2.7
+++ pf_ioctl.c	19 Sep 2005 13:46:05 -0000
@@ -284,6 +284,8 @@
=20
 	pf_pool_limits[PF_LIMIT_STATES].pp =3D pf_state_pl;
 	pf_pool_limits[PF_LIMIT_STATES].limit =3D PFSTATE_HIWAT;
+	pf_pool_limits[PF_LIMIT_SRC_NODES].pp =3D pf_src_tree_pl;
+	pf_pool_limits[PF_LIMIT_SRC_NODES].limit =3D PFSNODE_HIWAT;
 	pf_pool_limits[PF_LIMIT_FRAGS].pp =3D pf_frent_pl;
 	pf_pool_limits[PF_LIMIT_FRAGS].limit =3D PFFRAG_FRENT_HIWAT;
 	uma_zone_set_max(pf_pool_limits[PF_LIMIT_STATES].pp,

--Boundary-01=_wGsLDM4vk3VJOZT--

--nextPart1266059.rOltI5Ykkl
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQBDLsG1XyyEoT62BG0RAvBJAJ9qUxA+7Aow7nPXzvhFfjTcBTXwoACeOtlI
gAqmoGyH/Ek9770okHQ8BYY=
=/5ZX
-----END PGP SIGNATURE-----

--nextPart1266059.rOltI5Ykkl--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200509191548.37693.max>