[Bug 260406] pfctl: Cannot allocate memory (after a time)
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 260406] pfctl: Cannot allocate memory (after a time)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 11 Feb 2022 17:15:34 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260406
Jean-Claude MICHOT <jc@michot.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jc@michot.fr
--- Comment #67 from Jean-Claude MICHOT <jc@michot.fr> ---
Same problem here with 'pfctl: Cannot allocate memory.', it's reported by
fail2ban
(anyway same for blacklistd).
2022-02-09 19:34:30,354 fail2ban.utils [64280]: ERROR 8021b2730 --
exec: pfctl -a f2b/ssh-pf -t f2b-ssh-pf -T add 45.9.20.25
2022-02-09 19:34:30,354 fail2ban.utils [64280]: ERROR 8021b2730 --
stderr: 'pfctl: Cannot allocate memory.'
2022-02-09 19:34:30,354 fail2ban.utils [64280]: ERROR 8021b2730 --
killed with signal 127 (return code: 255)
# freebsd-version -uk
13.0-RELEASE-p4
13.0-RELEASE-p4
"pfctl -T del IP" still usable, but add new rule is impossible until reboot :(
# vmstat -m | grep -E 'pf|Size'
Type InUse MemUse Requests Size(s)
pfs_nodes 20 8K 20 384
pfs_vncache 1 128K 1
pfil 11 1K 11 64,128
tcpfunc 1 1K 1 64
pf_temp 0 0K 55 32
pf_hash 5 11524K 5 2048
pf_ifnet 19 7K 171 256,2048
pf_osfp 1191 123K 3573 64,128
pf_rule 269 181K 341 128,1024
pf_table 11 22K 24200 2048
# vmstat -z | grep pf
pf mtags: 48, 0, 0, 84, 55, 0, 0, 0
pf tags: 104, 0, 0, 0, 0, 0, 0, 0
pf states: 296, 100000, 40, 2703, 4287549, 0,
0,2135254
pf state keys: 88, 0, 58, 6106, 4592659, 0,
0,2280096
pf source nodes: 136, 10000, 0, 0, 0, 0, 0, 0
pf table entry counters: 64, 0, 0, 0, 200, 0, 0,
0
pf table entries: 160, 200000, 152, 48, 488,7420, 0, 0
pf frags: 248, 0, 0, 16, 15, 0, 0, 0
pf frag entries: 40, 5000, 0, 101, 40, 0, 0, 0
pf state scrubs: 40, 0, 0, 0, 0, 0, 0, 0
# sysctl -a | grep net.pf
net.pf.rule_tag_hashsize: 128
net.pf.request_maxcount: 65535
net.pf.source_nodes_hashsize: 32768
net.pf.states_hashsize: 131072
# pfctl -si
Status: Enabled for 93 days 22:56:25 Debug: Urgent
State Table Total Rate
current entries 840
searches 5992674224 738.2/s
inserts 4288356 0.5/s
removals 4287516 0.5/s
Counters
match 1169829912 144.1/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 87 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 2 0.0/s
proto-cksum 0 0.0/s
state-mismatch 1206 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
map-failed 0 0.0/s
# top -b | head -8
last pid: 20669; load averages: 0.08, 0.11, 0.09 up 93+22:59:55
18:11:49
160 processes: 1 running, 158 sleeping, 1 zombie
CPU: 0.3% user, 0.0% nice, 0.1% system, 0.0% interrupt, 99.6% idle
Mem: 90M Active, 829M Inact, 506M Laundry, 59G Wired, 2173M Free
ARC: 52G Total, 28G MFU, 22G MRU, 3368K Anon, 281M Header, 1419M Other
48G Compressed, 61G Uncompressed, 1.27:1 Ratio
Swap: 46G Total, 1939M Used, 44G Free, 4% Inuse
--
You are receiving this mail because:
You are the assignee for the bug.