Look at sysctl net.inet.ip.ifq, bump maxlen until drops stops increasing. I'd try 250 for starters.
On 2007/07/07 08:47, Jeff Santos wrote: > Hi, > > It would help if someone with more experience with PF > could help me to interpret some of those statistics > shown with pfctl -si: > > Packets In > Passed 46837573 0 > Blocked 3024000 98 > Packets Out > Passed 36144287 1 > Blocked 4502 0 > > Counters > match 6355599 62.8/s > bad-offset 0 0.0/s > fragment 22 0.0/s > short 2 0.0/s > normalize 6 0.0/s > memory 3050088 30.1/s > bad-timestamp 0 0.0/s > congestion 17968 0.2/s > ip-option 3 0.0/s > proto-cksum 1697 0.0/s > state-mismatch 17276 0.2/s > state-insert 0 0.0/s > state-limit 0 0.0/s > src-limit 0 0.0/s > synproxy 8130 0.1/s > > I am specially interested in learning something about the > memory, congestion, proto-cksum and state-mismatch lines.
