K 10
svn:author
V 3
gjb
K 8
svn:date
V 27
2020-02-12T14:50:13.349966Z
K 7
svn:log
V 558
MFC r332404 (kp):
 pf: limit ioctl to a reasonable and tuneable number of elements

 pf ioctls frequently take a variable number of elements as argument.
 This can potentially allow users to request very large allocations.
 These will fail, but even a failing M_NOWAIT might tie up resources
 and result in concurrent M_WAITOK allocations entering vm_wait and
 inducing reclamation of caches.

 Limit these ioctls to what should be a reasonable value, but allow
 users to tune it should they need to.

Sponsored by:	Rubicon Communications, LLC (netgate.com)

END