summaryrefslogtreecommitdiffstats
path: root/freebsd/sbin/pfctl/parse.y
diff options
context:
space:
mode:
Diffstat (limited to 'freebsd/sbin/pfctl/parse.y')
-rw-r--r--freebsd/sbin/pfctl/parse.y17
1 files changed, 15 insertions, 2 deletions
diff --git a/freebsd/sbin/pfctl/parse.y b/freebsd/sbin/pfctl/parse.y
index 8b6808a6..856f7b2a 100644
--- a/freebsd/sbin/pfctl/parse.y
+++ b/freebsd/sbin/pfctl/parse.y
@@ -4764,6 +4764,8 @@ process_tabledef(char *name, struct table_opts *opts)
{
struct pfr_buffer ab;
struct node_tinit *ti;
+ unsigned long maxcount;
+ size_t s = sizeof(maxcount);
bzero(&ab, sizeof(ab));
ab.pfrb_type = PFRB_ADDRS;
@@ -4791,8 +4793,19 @@ process_tabledef(char *name, struct table_opts *opts)
if (!(pf->opts & PF_OPT_NOACTION) &&
pfctl_define_table(name, opts->flags, opts->init_addr,
pf->anchor->name, &ab, pf->anchor->ruleset.tticket)) {
- yyerror("cannot define table %s: %s", name,
- pfr_strerror(errno));
+
+ if (sysctlbyname("net.pf.request_maxcount", &maxcount, &s,
+ NULL, 0) == -1)
+ maxcount = 65535;
+
+ if (ab.pfrb_size > maxcount)
+ yyerror("cannot define table %s: too many elements.\n"
+ "Consider increasing net.pf.request_maxcount.",
+ name);
+ else
+ yyerror("cannot define table %s: %s", name,
+ pfr_strerror(errno));
+
goto _error;
}
pf->tdirty = 1;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 09:18:25 +0000