Re: NPF ruleset limit in -7?

To: Stephen Borrill <netbsd%precedence.co.uk@localhost>, tech-net%NetBSD.org@localhost
Subject: Re: NPF ruleset limit in -7?
From: Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
Date: Tue, 16 Oct 2018 12:40:41 +0200

On 10/15/18 17:55, Stephen Borrill wrote:

I seem to recall a limit on loading rulesets with NPF at some time inthe past. [...]

In all releases, that is; -the underlying library with its limitationsin dictionary size has apparently been replaced for npf in -current.


I applied the following patch

/<2>netbsd-8/src > cvs diff sys/net/npf/npf_ctl.c
Index: sys/net/npf/npf_ctl.c
===================================================================
RCS file: /cvsroot/src/sys/net/npf/npf_ctl.c,v
retrieving revision 1.48.2.1
diff -u -r1.48.2.1 npf_ctl.c
--- sys/net/npf/npf_ctl.c       17 Nov 2017 20:43:11 -0000      1.48.2.1
+++ sys/net/npf/npf_ctl.c       16 Oct 2018 10:37:08 -0000
@@ -522,8 +522,9 @@
        else
 #endif
        {
+               /* XXX This size limit should really be a constant */

error = prop_dictionary_copyin_ioctl_size(pref, cmd,&npf_dict,

-                   4 * 1024 * 1024);
+                   16 * 1024 * 1024);
                if (error)
                    return error;
        }

when I still had hopes in npf...

Cheerio,
hauke

--
     The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email	        Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
     Respect for open standards              Ruf +49-6151-16-21344

Follow-Ups:
- Re: NPF ruleset limit in -7?
  - From: Stephen Borrill

References:
- NPF ruleset limit in -7?
  - From: Stephen Borrill

Prev by Date: NPF ruleset limit in -7?
Next by Date: Re: Trying to understand stateful npf
Previous by Thread: NPF ruleset limit in -7?
Next by Thread: Re: NPF ruleset limit in -7?
Indexes:

Home | Main Index | Thread Index | Old Index