[Bug 260406] pfctl: Cannot allocate memory (after a time)

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 23 Dec 2021 15:22:33 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260406

--- Comment #30 from Diego Linke <diego@bsd.com.br> ---
(In reply to Kristof Provost from comment #29)

Yes, I did. Please see below:

# vmstat -z | grep -E 'pf|ITEM'
ITEM                   SIZE  LIMIT     USED     FREE      REQ     FAILSLEEP XDOMAIN
pf mtags:                48,      0,       0,      84,    2057,   0,   0,   0
pf tags:                104,      0,       0,       0,       0,   0,   0,   0
pf states:              296, 100000,      29,     153,  653447,   0,   0,   0
pf state keys:           88,      0,      29,     339,  653447,   0,   0,   0
pf source nodes:        136,  10000,       6,      23,   29737,   0,   0,   0
pf table entry counters:     64,      0,       0,       0,       0,   0,   0,   0
pf table entries:       160, 1000000,       1,      24,57544806,15982,   0,   0
pf frags:               248,      0,       0,       0,       0,   0,   0,   0
pf frag entries:         40,   5000,       0,       0,       0,   0,   0,   0
pf state scrubs:         40,      0,       0,       0,       0,   0,   0,   0

# vmstat -m | grep -E 'pf|Size'
         Type InUse MemUse Requests  Size(s)
    pfs_nodes    20     8K       20  384
  pfs_vncache     1     8K        1  8192
         pfil    11     1K       11  64,128
      tcpfunc     1     1K        1  64
      pf_temp     0     0K     2323  32,64
      pf_hash     5 11524K        5  2048
     pf_ifnet    21     6K       80  128,256,2048
      pf_osfp  1191   123K     2382  64,128
      pf_rule    44    44K       44  1024
     pf_table    16    32K    28317  2048

# sysctl net.pf.request_maxcount
net.pf.request_maxcount: 65535

# sysctl net.pf.request_maxcount=50800000
net.pf.request_maxcount: 65535 -> 50800000

# pfctl -f /etc/pf.conf
/etc/pf.conf:21: cannot define table fireholL1: Cannot allocate memory
/etc/pf.conf:22: cannot define table fireholL2: Cannot allocate memory
/etc/pf.conf:23: cannot define table fireholL3: Cannot allocate memory
/etc/pf.conf:24: cannot define table fireholWEB: Cannot allocate memory
/etc/pf.conf:25: cannot define table normshield: Cannot allocate memory
/etc/pf.conf:26: cannot define table ipblacklistcloud: Cannot allocate memory
/etc/pf.conf:27: cannot define table Webbots: Cannot allocate memory
/etc/pf.conf:28: cannot define table haley_ssh: Cannot allocate memory
/etc/pf.conf:29: cannot define table bi_any_1_7d: Cannot allocate memory
pfctl: Syntax error in config file: pf rules not loaded
