[Bug 290243] pf: cannot define table table-name: Cannot allocate memory
Date: Tue, 14 Oct 2025 23:04:14 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290243
Bug ID: 290243
Summary: pf: cannot define table table-name: Cannot allocate memory
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: olivier@freebsd.org
Here is a reproducible problem on 14 and current (script attached) on x86 and
ARM:
We can’t load a table multiple times (like a blacklist table in crontab).
How to reproduce:
sh ./pf-big-table.sh
Id Refs Name
535 1 pf
Loading a public IPv4 blocklist
prod_data-shield_ipv4_blocklist.txt 1390 kB 1150 kBps 01s
System’s net.pf.request_maxcount (65535) too small to load this 99766 elements table
Increasing it...
net.pf.request_maxcount: 65535 -> 99767
System configured with net.pf.request_maxcount 65535 loading a 99766 table multiple times
Try: 1
current VM usage
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP XDOM
pf table entries: 160, 200000, 0, 0, 0, 0, 0, 0
Try: 2
current VM usage
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP XDOM
pf table entries: 160, 200000, 99767, 58, 99767, 0, 0, 0
Try: 3
current VM usage
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP XDOM
pf table entries: 160, 200000, 99767, 99883, 199534, 0, 0, 0
pf.conf:1: cannot define table shield_ipv4.blocklist: Cannot allocate memory
pfctl: Syntax error in config file: pf rules not loaded