Vivek Khera
2008-May-14 15:25 UTC
how much memory does increasing max rules for IPFW take up?
I had a box run out of dynamic state space yesterday. I found I can increase the number of dynamic rules by increasing the sysctl parameter net.inet.ip.fw.dyn_max. I can't find, however, how this affects memory usage on the system. Is it dyanamically allocated and de-allocated, or is it a static memory buffer? Thanks!
Andrey V. Elsukov
2008-May-15 09:52 UTC
how much memory does increasing max rules for IPFW take up?
Vivek Khera wrote:> I had a box run out of dynamic state space yesterday. I found I can > increase the number of dynamic rules by increasing the sysctl parameter > net.inet.ip.fw.dyn_max. I can't find, however, how this affects memory > usage on the system. Is it dyanamically allocated and de-allocated, or > is it a static memory buffer?Each dynamic rule allocated dynamically. Be careful, too many dynamic rules will work very slow. -- WBR, Andrey V. Elsukov
Vivek Khera
2008-May-16 14:53 UTC
how much memory does increasing max rules for IPFW take up?
How are the buckets used? Are they hashed per rule number or some other mechanism? Nearly all of my states are from the same rule (eg, on a mail server for the SMTP port rule). How should I scale the buckets with the max rules? The default seems to be 4096 rules and 256 buckets. Should I maintain that ratio?