From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 263626] PF is unable to load more than 200000 entries
Date: Fri, 29 Apr 2022 17:30:27 +0000
List-Id: Technical discussion and general questions about packet filter (pf)
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.0-RELEASE
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Status: New

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263626

Chris Hutchinson changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |portmaster@bsdforge.com

--- Comment #1 from Chris Hutchinson ---
With 1,269,713 lines total in 58 tables and a total of a quarter billion IP
addresses entered in CIDR notation. I have only the following changes in
loader.conf(5)

    net.pf.states_hashsize=65536
    net.pf.source_nodes_hashsize=16384
    net.pf.request_maxcount=2500000

and in pf.conf(5)

    set limit table-entries 1700000
    set limit states 600000

and I don't experience your trouble.

Were you ever able to load these tables? Are you able to load them during
boot? Or is this only a problem when attempting to REload them?

If it's re-load that is the problem. You have to understand that generally
speaking, you require twice the memory to reload tables as to simply load
them. You would probably do well to merge the files "/etc/spammers" and
"/etc/blocklist" into simply "/etc/BLOCKED" and use:

    table persist file "/etc/BLOCKED"

HTH

--Chris
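
Added example (not part of the original message, and not FreeBSD's own tooling): a POSIX sh script that performs the merge suggested in the comment and checks the result against a table-entries limit. It assumes the "twice the memory to reload" remark translates into needing 2x headroom under table-entries; the function names and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: merge block lists into one file and check reload headroom.
# File names follow the comment; sample data below is constructed.

# merge_lists OUT IN...: drop comments, surrounding whitespace and blank
# lines, de-duplicate, write OUT, and print the number of entries kept.
merge_lists() {
    out=$1; shift
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$@" | sort -u > "$out"
    wc -l < "$out" | tr -d ' '
}

# reload_fits ENTRIES LIMIT: succeed only if LIMIT has room for the old and
# the new copy of the table at the same time (assumed 2x rule of thumb).
reload_fits() {
    [ $(( $1 * 2 )) -le "$2" ]
}

# Demonstration on constructed input (documentation address ranges only).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '192.0.2.0/24' '198.51.100.7   # single host' '' \
        > "$dir/spammers"
    printf '%s\n' '# second feed' '198.51.100.7' '203.0.113.0/24' \
        > "$dir/blocklist"
    n=$(merge_lists "$dir/BLOCKED" "$dir/spammers" "$dir/blocklist")
    echo "merged entries: $n"
    # 1700000 is the table-entries value quoted in the comment.
    if reload_fits "$n" 1700000; then
        echo "reload fits under table-entries"
    else
        echo "raise table-entries before reloading"
    fi
    rm -rf "$dir"
}
demo
```

Run against the real list files, the entry count from merge_lists is the number to compare with the table-entries value in pf.conf(5) before attempting a reload.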