[Bug 260406] pfctl: Cannot allocate memory (after a time)

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 260406] pfctl: Cannot allocate memory (after a time)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 14 Dec 2021 13:34:34 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260406

--- Comment #7 from tech-lists@zyxst.net ---
(In reply to Kristof Provost from comment #6)

# dtrace -n 'fbt:kernel:pfr_ina_define:return { printf("%x %x", arg0, arg1); }'
dtrace: description 'fbt:kernel:pfr_ina_define:return ' matched 1 probe
CPU     ID                    FUNCTION:NAME
  0  36537            pfr_ina_define:return c ffffa000c1e55460
  0  36537            pfr_ina_define:return 0 0
  0  36537            pfr_ina_define:return 0 ffffa001d5139d80
  0  36537            pfr_ina_define:return 0 0
  0  36537            pfr_ina_define:return 0 ffffa001977e9000
  0  36537            pfr_ina_define:return 0 ffffa0001a8a3401
  0  36537            pfr_ina_define:return 0 ffffa0016fb04a80

if I try the command (pfctl -f /etc/pf.conf) repeatedly the values of the probe
change a bit:

  2  36537            pfr_ina_define:return c ffffa000c1e48be0
  2  36537            pfr_ina_define:return 0 0
  2  36537            pfr_ina_define:return 0 ffffa0017783fa80
  2  36537            pfr_ina_define:return 0 0
  2  36537            pfr_ina_define:return 0 ffffa001df262a80
  2  36537            pfr_ina_define:return 0 ffffa0001a8a3401
  2  36537            pfr_ina_define:return 0 ffffa0014e050a80

each time in the pf window I get this result:

# pfctl -f /etc/pf.conf
/etc/pf.conf:18: cannot define table pfbadhost: Cannot allocate memory
pfctl: Syntax error in config file: pf rules not loaded

if I comment out the big table and its clock rules from pf.conf, it loads
without error:

# pfctl -f /etc/pf.conf
#

in the probe window:

# dtrace -n 'fbt:kernel:pfr_ina_define:return { printf("%x %x", arg0, arg1); }'
dtrace: description 'fbt:kernel:pfr_ina_define:return ' matched 1 probe
CPU     ID                    FUNCTION:NAME
  0  36537            pfr_ina_define:return 0 0
  0  36537            pfr_ina_define:return 0 ffffa00184267780
  0  36537            pfr_ina_define:return 0 0
  0  36537            pfr_ina_define:return 0 ffffa001c64ef780
  0  36537            pfr_ina_define:return 0 ffffa0001a8a3401
  0  36537            pfr_ina_define:return 0 ffffa001c0d94c00

You asked:
> why?

maybe this is no longer the case, but I thought in-kernel was "faster" than
dynamic or via a kld particularly on low power devices

-- 
You are receiving this mail because:
You are the assignee for the bug.