Re: git: bad279e12deb - main - pf: convert DIOCRDELADDRS to netlink

From: Florian Smeets <flo_at_smeets.xyz>
Date: Sat, 16 Aug 2025 08:34:07 UTC

On 06.08.25 00:28, Kristof Provost wrote:
> The branch main has been updated by kp:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=bad279e12deb3e4e4528dbc6b06f56aefb165b15
> 
> commit bad279e12deb3e4e4528dbc6b06f56aefb165b15
> Author:     Kristof Provost <kp@FreeBSD.org>
> AuthorDate: 2025-08-01 14:18:52 +0000
> Commit:     Kristof Provost <kp@FreeBSD.org>
> CommitDate: 2025-08-05 22:27:14 +0000
> 
>      pf: convert DIOCRDELADDRS to netlink
>

Hi Kristof,

This is causing issues with crowdsec. The pfctl process is using up all
memory and gets killed by the OOM killer.

The issue appears to be trying to delete IPs that are not part of a 
table, which can apparently happen with crowdsec.

root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T show|tail -1
    223.247.218.112
root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T delete 223.247.218.112
1/1 addresses deleted.
root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T show|grep 223.247.218.113
root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T delete 223.247.218.113
load: 0.65  cmd: pfctl 26515 [runnable] 10.19r 0.75u 4.86s 32% 802128k
load: 0.78  cmd: pfctl 26515 [runnable] 17.67r 1.41u 8.19s 40% 1452576k
load: 0.89  cmd: pfctl 26515 [running] 29.14r 2.44u 13.16s 46% 2506284k

Florian