* #ident "$Revision: 1.8 $"
*
* IP packet filtering driver
*
*FLAG	PREFIX	SOFT	#DEV	DEPENDENCIES
cos	ipfilter 59	 -	bsd
				ipfilter_kernel(){false}
$$$

#include <netinet/in.h>
#include <netinet/ipfilter.h>

/*
 * The kernel cache of filtering verdicts is configurable in size. The size 
 * is defined by NUMIPKFLT, which specifies the number of entries in the cache.
 * To change the size, redefine NUMIPKFLT here, then lboot a new kernel.
 */
#define NUMIPKFLT 32				    /* size of kernel cache */
struct ipkernelfilter	ipfiltercache[NUMIPKFLT];   /* kernel verdict cache */

int numipkflt = NUMIPKFLT;

/*
 * filtercache_search_depth:
 * The most recently used entry in the kernel cache gets moved to the
 * head of the cache. To prevent thrashing, this only happens when the
 * cache search depth has exceeded filtercache_search_depth. The default
 * value is 8 (four simultaneous TCP file transfers). This value should
 * be tuned based on expected system workload.
 */

int filtercache_search_depth = 8;

/*
 * ipfilterd_inactive_behavior has been made tuneable, see man page
 * for systune(1M) for details.
 */

/*
 * ipfilter_ttl
 * Specify lifetime in seconds of inactive kernel cache entries.
 * Must fit in unsigned short, hence maximum value is 64K (65535),
 * a bit more than 18 hours.
 * Default will be 60 seconds.
 */
int ipfilter_ttl = 60;
