On 12/20/10 15:52, Kevin Wilcox wrote:
On 19 December 2010 07:16, Henning Brauer<lists-open...@bsws.de> wrote:
you're way off ;)
I had 2 million during a DDoS. things got a bit slow but everything
worked.
Henning - out of curiosity, what were the specs on that hardware?
It may be interesting to know of any specifics tweaks in that setup
(besides net.inet.ip.ifq.maxlen and set limit states), if any.
My understanding was that pf won't use more than 1GB of RAM, which I
thought to equal about 1 million states, but I never verified that
information and now it's been so long I can't recall the source.
According to pf_var.h, a struct pf_state is roughly 212 bytes on amd64.
