[Bug 209475] pf didn't check if enough free RAM for net.pf.states_hashsize
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Jan 16 10:23:55 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209475
--- Comment #15 from Kristof Provost <kp at freebsd.org> ---
(In reply to fehmi noyan isi from comment #14)
> So, does this come down to supplying a default value and re-attempting malloc() again?
I was thinking in that direction as well, yes. It's either that, or not
activating pf at all. Running it with a smaller state table might not be ideal,
but it's bound to be a lot better than running without firewall at all.
> Yes, that might help to avoid this bug, but I do not think FreeBSD has mallocarray()?
It does now. It was added very recently (in head). man 9 mallocarray. It might
be worth doing that change in a separate commit.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-pf
mailing list