On Sat, January 1, 2022 8:02 pm, Paul Pace wrote:
> Hello!
>
> I'm trying to understand the limits in PF, and I can't seem to figure
> this out:
>
> In pf.conf(5) I see two limits called table-entries, and one of them is
>
> table-entries PFR_KENTRY_HIWAT_SMALL 100000
>
> Some searching and I found:
>
> grep PFR_KENTRY_HIWAT_SMALL /usr/include/net/pfvar.h
> #define PFR_KENTRY_HIWAT_SMALL 100000 /* Number of entries for tiny hosts */
>
> What is a tiny host?
>
> With the limit-item (table-entries) being used twice, does this somehow
> only apply to some system configuration I'm not using since pfctl -sm
> reports table-entries 200000?
>
> Thank you,
>
> Paul

Answers are in the source. In sys/net/pf_ioctl.c:

    if (physmem <= atop(100*1024*1024))
        pf_pool_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT_SMALL;