Too many pf table entries allocated during ruleset reload

Kajetan Staszkiewicz vegeta at tuxpowered.net
Tue Jan 19 10:50:23 UTC 2021 

Hello group,

I'm trying to understand behavior of pf table entries allocation. I've
ran out of table entries, which is by default limited to 200k, while
trying to load a new ruleset. I've increased the limit to 1M, now it
loads fine, but the usual amount of entries is only around 7k. The
number increases greatly during loading new ruleset. I would expect it
to increase twice because of duplication of eveything in the new
ruleset, but this increase is way bigger.

while true; do vmstat -z | grep "pf table" ; sleep 0.1; done

pf table entries:  216, 1000008,    7218,  195192, 1585524,   0,   0
pf table entries:  216, 1000008,    7218,  195192, 1585524,   0,   0
pf table entries:  216, 1000008,    7218,  195192, 1585524,   0,   0
pf table entries:  216, 1000008,   21495,  180915, 1599801,   0,   0
pf table entries:  216, 1000008,   36094,  166316, 1614400,   0,   0
pf table entries:  216, 1000008,   50292,  152118, 1628598,   0,   0
pf table entries:  216, 1000008,   64336,  138074, 1642642,   0,   0
pf table entries:  216, 1000008,   78684,  123726, 1656990,   0,   0
pf table entries:  216, 1000008,   93355,  109055, 1671661,   0,   0
pf table entries:  216, 1000008,  107742,   94668, 1686048,   0,   0
pf table entries:  216, 1000008,  122394,   80016, 1700700,   0,   0
pf table entries:  216, 1000008,  137159,   65251, 1715465,   0,   0
pf table entries:  216, 1000008,  151032,   51378, 1729338,   0,   0
pf table entries:  216, 1000008,  166269,   36141, 1744575,   0,   0
pf table entries:  216, 1000008,  180852,   21558, 1759158,   0,   0
pf table entries:  216, 1000008,  194970,    7440, 1773276,   0,   0
pf table entries:  216, 1000008,  198179,    4231, 1776485,   0,   0
pf table entries:  216, 1000008,  200954,    1456, 1779260,   0,   0
pf table entries:  216, 1000008,    7219,  195191, 1779260,   0,   0
pf table entries:  216, 1000008,    7219,  195191, 1779260,   0,   0
pf table entries:  216, 1000008,    7219,  195191, 1779260,   0,   0


-- 
| pozdrawiam / greetings | Powered by macOS, Debian and FreeBSD |
|  Kajetan Staszkiewicz  |  www: http://vegeta.tuxpowered.net   |
`------------------------^--------------------------------------'

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20210119/788aa95f/attachment.sig>

More information about the freebsd-pf mailing list