Re: git: bad279e12deb - main - pf: convert DIOCRDELADDRS to netlink

In reply to: Florian Smeets : "Re: git: bad279e12deb - main - pf: convert DIOCRDELADDRS to netlink"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Kristof Provost <kp_at_freebsd.org>
Date: Sat, 16 Aug 2025 09:16:19 UTC


> On 16 Aug 2025, at 10:34, Florian Smeets <flo@smeets.xyz> wrote:
> 
> On 06.08.25 00:28, Kristof Provost wrote:
>> The branch main has been updated by kp:
>> URL: https://cgit.FreeBSD.org/src/commit/?id=bad279e12deb3e4e4528dbc6b06f56aefb165b15
>> commit bad279e12deb3e4e4528dbc6b06f56aefb165b15
>> Author:     Kristof Provost <kp@FreeBSD.org>
>> AuthorDate: 2025-08-01 14:18:52 +0000
>> Commit:     Kristof Provost <kp@FreeBSD.org>
>> CommitDate: 2025-08-05 22:27:14 +0000
>>     pf: convert DIOCRDELADDRS to netlink
>>     
> Hi Kristof,
> 
> this is causing issues with crowdsec. The pfctl process is using up all memory and gets killed by the OOM killer.
> 
> The issue appears to be trying to delete IPs that are not part of a table, which can apparently happen with crowdsec.
> 
> root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T show|tail -1
>   223.247.218.112
> root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T delete 223.247.218.112
> 1/1 addresses deleted.
> root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T show|grep 223.247.218.113
> root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T delete 223.247.218.113
> load: 0.65  cmd: pfctl 26515 [runnable] 10.19r 0.75u 4.86s 32% 802128k
> load: 0.78  cmd: pfctl 26515 [runnable] 17.67r 1.41u 8.19s 40% 1452576k
> load: 0.89  cmd: pfctl 26515 [running] 29.14r 2.44u 13.16s 46% 2506284k
> 
Yeah, I’ve had other reports. Both add and delete have issues. I know what the problem is. I just need to finish the test case before I can commit. 
Expect it early next week. 

— 
Kristof