On Fri, 23 Sep 2005, nate wrote: > ok thats the kind of info I wanted to hear, so kernel > space can go up to ~300MB ? is this a tunable > paramter anywhere or is it hard coded?
it is actually 768MB on i386, but you can't use anywhere close to all of it for pf states. it is hard coded. > is this a "low memory" vs "high memory" thing? if so is > there a good way to monitor "low memory" on openbsd? > I tried doing some google searches and all I found was > people running out of memory. there is no way i know of to monitor it. what matters is not memory, but address space. > also one last Q - when you allocate memory for states > in the pf config, say I allocate for 200k states does > that allocation happen when the config is loaded or > is it dynamic? Just wondering if I do exceed the limit > should I expect it to misbehave immediately upon > reload(even if it isn't holding that many states) or > not until it actually hits the state limit. states are only allocated on demand. you could set the limit to a billion with no problem until you actually start using too many states. the limit is there to protect you from the firewall imploding. -- And that's why your software sucks.
