[Bug 260406] pfctl: Cannot allocate memory (after a time)

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 05 Jan 2022 17:25:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260406

Kajetan Staszkiewicz <vegeta@tuxpowered.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vegeta@tuxpowered.net

--- Comment #65 from Kajetan Staszkiewicz <vegeta@tuxpowered.net> ---
I'm observing the same thing happening on amd64. In the beginning I thought it
might be due to my own patches on pf. Then I thought it only happens on systems
which are high on inactive memory (my systems behave differently regarding
inactive, some have lot of free memory, some bloat the inactive memory, no idea
why) which gave me the idea that maybe inactive memory can't be freed when
allocating memory with M_NOWAIT. However today I finally got the same issue on
a system running a nonpatched 13.0-RELEASE GENERIC kernel on a system without
bloated inactive memory.

[17:02:34] al-router01 ~/ # vmstat -z | grep pf
pf mtags:                48,      0,       0,    2520,12630497,   0,   0,   0
pf tags:                104,      0,       0,       0,       0,   0,   0,   0
pf states:              296, 4000000,    7038,   39177,3739030613,   0,   0,  
0
pf state keys:           88,      0,    7038,   85008,3739030613,   0,   0,   0
pf source nodes:        136, 400000,       0,       0,       0,   0,   0,   0
pf table entry counters:     64,      0,       0,       0,       0,   0,   0,  
0
pf table entries:       160, 1000000,  320952,  310548,259049528,180913,   0,  
0
pf frags:               248,      0,       0,      96,10783117,   0,   0,   0
pf frag entries:         40,  32000,       0,     606,50033469,   0,   0,   0
pf state scrubs:         40,      0,       0,       0,       0,   0,   0,   0

So there is a limit of 1M entries, 320k are used, 310k are free. When I reload
pf.conf, I need double the entries, yes? So the new pf.conf won't load. But
where is the missing 370k entries?

-- 
You are receiving this mail because:
You are the assignee for the bug.