problem with table
Pyun YongHyeon
yongari at kt-is.co.kr
Fri Dec 17 17:28:08 PST 2004
On Fri, Dec 17, 2004 at 10:40:00AM -0800, Jon Simola wrote:
> On Fri, 17 Dec 2004 17:58:00 +0100, ChOcO Bn <choco.bn at gmail.com> wrote:
> > i'm using freebsd 5.3 with pf and altq compiled in kernel.
> > i'm trying to fill a table with a file containing some range of ips (
> > according to CIDR norms )
> >
> > choco ~/ip_guardian# cat guarding.ip | wc -l
> > 46916
> >
> > and when i try to reload my rules, i can't get it work :
> >
> > "cannot define table guardian: Cannot allocate memory"
> >
> > How could i handle this ?
>
> I'd try various amounts to see how many you can load into a table. I
> suspect 47 thousand is a bit much, perhaps trying multiple smaller
> tables?
During early days of pf porting, I measured table's locking
overhead within copyin/copyout using TSC. At that time I used
108000 entries generated by shell script.
AFAIK, the number of entries that can be loaded into a table
depends on available kernel memory. And there is no limit if
your system has enough memory.
--
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari | yongari at freebsd.org
More information about the freebsd-pf
mailing list