author | Scott Ullrich <sullrich@pfsense.org> | 2009-07-12 13:54:42 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2009-07-12 13:54:42 -0400 |
commit | 7982f851e1c8d3183aca94b44e5172474efeaf47 (patch) | |
tree | dde0b954ed615753a0d0d3012c714737af9f849d /etc/inc | |
parent | b37eac3d45bf12027a93f0962a8d72034da6d83e (diff) | |
download | pfsense-7982f851e1c8d3183aca94b44e5172474efeaf47.zip pfsense-7982f851e1c8d3183aca94b44e5172474efeaf47.tar.gz |
Size flowtables according to Kip's recommendations and write out loader.conf entry.
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 174b8bf..4b5643d 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -52,10 +52,22 @@ $FilterIflist = array();
 function flowtable_configure() {
 global $config, $g;
 // Figure out how many flows we should reserve
+ // sized 2x larger than the number of unique connection destinations.
 if ($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates']))
 $maxstates = $config['system']['maximumstates'];
 else
- $maxstates = "15000";
+ $maxstates = "150000";
+ // nmbflows cpu count * ($maxstates * 2)
+ $cpus = trim(`sysctl kern.smp.cpus`);
+ $nmbflows = $cpus*($maxstates*2);
+ if(!file_exists("/boot/loader.conf"))
+ touch("/boot/loader.conf");
+ $loader_conf_nmbflows = trim(`cat /boot/loader_conf | grep nmbflows | cut -d'=' -f2`);
+ if($loader_conf_nmbflows <> $nmbflows) {
+ $loader_conf = trim(`cat /boot/loader_conf | grep -v nmbflows`);
+ $loader_conf .= "\nnet.inet.ip.output_flowtable_size={$nmbflows}\n";
+ file_put_contents("/boot/loader.conf", trim($loader_conf));
+ }
 // Is flowtable enabled?
 if($config['system']['flowtable'])
 $flowtable_enable = 1;
|
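Review bot: The two added backtick commands read `/boot/loader_conf` while `file_put_contents()` writes `/boot/loader.conf`, so unless a file with the underscore name exists both reads come back empty and every call replaces the real loader.conf with just the flowtable line, dropping any other boot tunables on the firewall. `sysctl kern.smp.cpus` without `-n` prints the variable name before the value, which PHP will most likely cast to 0 in `$cpus*($maxstates*2)`, and the `grep nmbflows` filters never match the `net.inet.ip.output_flowtable_size` key that is written, so even with the path fixed the old entry would not be found or removed. I would read and rewrite the file in PHP, keyed on the real tunable name, and skip the write when the read fails or nothing changed, as in the excerpt below. flowtable_configure() continues past the end of this hunk.

```php
// … unchanged: $maxstates selection …
$cpus = intval(trim(`sysctl -n kern.smp.cpus`));
if ($cpus < 1)
	$cpus = 1;
$nmbflows = $cpus * ($maxstates * 2);
$loader_path = "/boot/loader.conf";
$flow_key = "net.inet.ip.output_flowtable_size";
$old_lines = file_exists($loader_path) ? file($loader_path, FILE_IGNORE_NEW_LINES) : array();
if (is_array($old_lines)) {
	$new_lines = array();
	foreach ($old_lines as $line)
		if (strpos($line, $flow_key) === false)
			$new_lines[] = $line;
	$new_lines[] = "{$flow_key}={$nmbflows}";
	if ($new_lines != $old_lines) {
		// write a sibling temp file and rename it, so a failed write cannot truncate loader.conf
		$tmp_path = "{$loader_path}.tmp";
		if (file_put_contents($tmp_path, implode("\n", $new_lines) . "\n") !== false)
			rename($tmp_path, $loader_path);
	}
}
// … unchanged: flowtable enable check …
```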