Subject: Re: IPFilter practical limits?
To: Patrick Welche <prlw1@newn.cam.ac.uk>
From: Darren Reed <darrenr@NetBSD.org>
List: tech-kern
Date: 02/27/2007 15:50:03

On Sat, Feb 17, 2007 at 06:46:19PM +0000, Patrick Welche wrote:
> On Mon, Mar 27, 2006 at 09:47:14PM +0000, Darren Reed wrote:
> > When the limits are reached, you'll see a non-zero number next to the
> > line with "maximum" in it from running "ipfstat -s".
> 
> If you do see a number next to the line with "maximum" (as I have just
> witnessed on our last "network is slow" session) what can you do about
> it?

You need to increase the hash table size.

IPSTATE_SIZE and IPSTATE_MAX are what need to be increased.

If you're building your own kernel, /sys/dist/ipf/netinet/ip_state.h
is the file to change.

darren
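
Added example, not part of the original message and not IPFilter project code: a small check that pulls the "maximum" counter out of `ipfstat -s` output and compares it with an earlier reading, so a monitoring job can tell whether the state table limit is being hit now. It assumes each statistic is printed as a count followed by its label and that the counter is cumulative; the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: track the "maximum" counter from `ipfstat -s`.
# Assumption: each statistic is printed as "<count> <label>", one per line.

# Constructed sample output (values invented, layout assumed).
sample_ipfstat_s() {
    cat <<'EOF'
IP states added:
        1204 TCP
        311 UDP
        17 ICMP
        90412 hits
        1532 misses
        0 bucket full
        2 maximum rule references
        37 maximum
        0 no memory
        5737 bkts in use
        5737 active
EOF
}

# Read `ipfstat -s` text on stdin and print the count whose label is exactly
# "maximum". Longer labels that start with the same word are skipped.
# Exit status 1 means no such line was found.
state_max_hits() {
    awk '$1 ~ /^[0-9]+$/ && NF == 2 && $2 == "maximum" { print $1; found = 1; exit }
         END { exit !found }'
}

# Compare the previous reading with the current one.
#   growing: state entries were refused since the last sample
#   steady:  no new refusals (a non-zero value is history, assuming a cumulative counter)
#   reset:   counter went backwards (assumed: reboot or module reload)
classify_max() {
    if [ "$2" -gt "$1" ]; then echo growing
    elif [ "$2" -lt "$1" ]; then echo reset
    else echo steady
    fi
}

# Demo on the sample; on a live host use: ipfstat -s | state_max_hits
cur=$(sample_ipfstat_s | state_max_hits)
echo "maximum=$cur trend=$(classify_max 0 "$cur")"
```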