tech-net archive


Re: NetBSD packet filter



Hector <technet%netdog.org@localhost> writes:

> On 9/28/24 12:56, Emmanuel Nyarko wrote:
>> Hi tech-net,
>> Emmanuel here.
>> I’m currently working on integrating ALTQ in NPF packet filter.
>> From the little information gathered, the community is trying to keep NPF up to date with things in ipf and pf.
>> So I am happy to hear from whoever is using pf/ipf or is actively
>> aware of what features npf is missing so we can get NPF very up to
>> date with the desired packet filtering features so we can use that
>> as our primary packet filter.
>> Happy to hear from lots of you!!
>
>
> I started this thread in 2020:
> https://mail-index.netbsd.org/tech-net/2020/12/16/msg007960.html

On -current, this configuration (with the 52k entries table) fails with
E2BIG...

npfctl: Argument list too long

However, with a bumped NPF_IOCTL_DATA_LIMIT, it reloaded successfully.

diff --git a/sys/net/npf/npf_os.c b/sys/net/npf/npf_os.c
index 022178236d50..562ba4048bb4 100644
--- a/sys/net/npf/npf_os.c
+++ b/sys/net/npf/npf_os.c
@@ -84,7 +84,7 @@ MODULE(MODULE_CLASS_MISC, npf, "bpf");
 MODULE(MODULE_CLASS_DRIVER, npf, "bpf");
 #endif
 
-#define        NPF_IOCTL_DATA_LIMIT    (4 * 1024 * 1024)
+#define        NPF_IOCTL_DATA_LIMIT    (5 * 1024 * 1024)
 
 static int     npf_pfil_register(bool);
 static void    npf_pfil_unregister(bool);
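
Review bot: The new `NPF_IOCTL_DATA_LIMIT` value of `(5 * 1024 * 1024)` is a bare constant with no comment saying what it bounds or how the figure was chosen. The report above shows the 52k-entry table configuration failing at 4 MiB and loading at 5 MiB, so the headroom is under 1 MiB and a somewhat larger table will return E2BIG again. Since the name indicates this caps the data accepted through the ioctl, raising it also raises how much a single request can ask the kernel to handle, which deserves a sentence of rationale. I'd suggest adding a comment next to the define stating what the cap protects and how it was sized, and either choosing a value with deliberate headroom or discussing whether a fixed compile-time cap is the right mechanism for large tables.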

