Date:      Fri, 8 Jun 2001 11:55:59 -0400 (EDT)
From:      Darren Henderson <darren@nighttide.net>
To:        <freebsd-ipfw@FreeBSD.ORG>
Subject:   buckets & sysctl
Message-ID:  <Pine.BSF.4.30.0106081123510.81663-100000@localhost>
In-Reply-To: <7e96417ea3ae.7ea3ae7e9641@mbox.com.au>


I can't seem to get the number of buckets ipfw uses to increase.

This is on a 4.3-STABLE machine with kern.securelevel -1

In /etc/sysctl.conf I set

net.inet.ip.fw.dyn_buckets=512
net.inet.ip.fw.dyn_max=2000

The dyn_buckets does go to 512 and dyn_max goes to 2000 but the
curr_dyn_buckets never goes beyond the default 256. ipfw just doesn't
resize the structure, even if all 2000 buckets are used and ipfw is
reporting that it can't create any new dynamic rules.

The goal here is to have fewer entries in each bucket. How do I convince
ipfw to use all the buckets? Does dyn_max have to be a multiple of
dyn_buckets? That doesn't appear to be true (I still can achieve 2000
dynamic rules with the 256 buckets). Is it a timing issue, does
dyn_buckets have to be set at some point earlier than sysctl.conf is
processed?

sysctl -A | grep ip.fw  shows the following...

net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 100
net.inet.ip.fw.dyn_buckets: 512
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 114
net.inet.ip.fw.dyn_max: 2000
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5
net.inet.ip.fw.dyn_short_lifetime: 30

Any thoughts appreciated.

______________________________________________________________________
Darren Henderson                                  darren@nighttide.net

                   Help fight junk e-mail, visit http://www.cauce.org/






