Hector <technet%netdog.org@localhost> writes:
On 9/28/24 12:56, Emmanuel Nyarko wrote:
Hi tech-net,
Emmanuel here.
I’m currently working on integrating ALTQ in NPF packet filter.
From few informations gathered, the community is trying to keep NPF up to date with things in ipf and pf.
So I am happy to hear from whoever is using pf/ipf or is actively
aware of what features npf is missing so we can get NPF very up to
date with the desired packet filtering features so we can use that
as our primary packet filter.
Happy to hear from lots of you!!
I started this thread in 2020:
https://mail-index.netbsd.org/tech-net/2020/12/16/msg007960.html
On -current, this configuration (with the 52k entries table) fails with
E2BIG...
npfctl: Argument list too long
However, with a bumped NPF_IOCTL_DATA_LIMIT, it reloaded successfully.
diff --git a/sys/net/npf/npf_os.c b/sys/net/npf/npf_os.c
index 022178236d50..562ba4048bb4 100644
--- a/sys/net/npf/npf_os.c
+++ b/sys/net/npf/npf_os.c
@@ -84,7 +84,7 @@ MODULE(MODULE_CLASS_MISC, npf, "bpf");
MODULE(MODULE_CLASS_DRIVER, npf, "bpf");
#endif
-#define NPF_IOCTL_DATA_LIMIT (4 * 1024 * 1024)
+#define NPF_IOCTL_DATA_LIMIT (5 * 1024 * 1024)
static int npf_pfil_register(bool);
static void npf_pfil_unregister(bool);