Date: Tue, 19 Jan 2021 11:50:17 +0100 From: Kajetan Staszkiewicz <vegeta@tuxpowered.net> To: freebsd-pf@freebsd.org Subject: Too many pf table entries allocated during ruleset reload Message-ID: <5ffc66f1-204f-f8cc-98e9-120e559f2e57@tuxpowered.net>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --lJw0BxUDCZCQqSHuZbtCQ2PNlfzlQwjRg Content-Type: multipart/mixed; boundary="IexFpbACwKUzaryWoINpkAC3uwv4Ds6rU"; protected-headers="v1" From: Kajetan Staszkiewicz <vegeta@tuxpowered.net> To: freebsd-pf@freebsd.org Message-ID: <5ffc66f1-204f-f8cc-98e9-120e559f2e57@tuxpowered.net> Subject: Too many pf table entries allocated during ruleset reload --IexFpbACwKUzaryWoINpkAC3uwv4Ds6rU Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable Hello group, I'm trying to understand behavior of pf table entries allocation. I've ran out of table entries, which is by default limited to 200k, while trying to load a new ruleset. I've increased the limit to 1M, now it loads fine, but the usual amount of entries is only around 7k. The number increases greatly during loading new ruleset. I would expect it to increase twice because of duplication of eveything in the new ruleset, but this increase is way bigger. while true; do vmstat -z | grep "pf table" ; sleep 0.1; done pf table entries: 216, 1000008, 7218, 195192, 1585524, 0, 0 pf table entries: 216, 1000008, 7218, 195192, 1585524, 0, 0 pf table entries: 216, 1000008, 7218, 195192, 1585524, 0, 0 pf table entries: 216, 1000008, 21495, 180915, 1599801, 0, 0 pf table entries: 216, 1000008, 36094, 166316, 1614400, 0, 0 pf table entries: 216, 1000008, 50292, 152118, 1628598, 0, 0 pf table entries: 216, 1000008, 64336, 138074, 1642642, 0, 0 pf table entries: 216, 1000008, 78684, 123726, 1656990, 0, 0 pf table entries: 216, 1000008, 93355, 109055, 1671661, 0, 0 pf table entries: 216, 1000008, 107742, 94668, 1686048, 0, 0 pf table entries: 216, 1000008, 122394, 80016, 1700700, 0, 0 pf table entries: 216, 1000008, 137159, 65251, 1715465, 0, 0 pf table entries: 216, 1000008, 151032, 51378, 1729338, 0, 0 pf table entries: 216, 1000008, 166269, 36141, 1744575, 0, 0 pf table entries: 216, 1000008, 180852, 21558, 1759158, 0, 0 pf table entries: 216, 1000008, 194970, 7440, 1773276, 0, 0 pf table entries: 216, 1000008, 198179, 4231, 1776485, 0, 0 pf table entries: 216, 1000008, 200954, 1456, 1779260, 0, 0 pf table entries: 216, 1000008, 7219, 195191, 1779260, 0, 0 pf table entries: 216, 1000008, 7219, 195191, 1779260, 0, 0 pf table entries: 216, 1000008, 7219, 195191, 1779260, 0, 0 --=20 | pozdrawiam / greetings | Powered by macOS, Debian and FreeBSD | | Kajetan Staszkiewicz | www: http://vegeta.tuxpowered.net | `------------------------^--------------------------------------' --IexFpbACwKUzaryWoINpkAC3uwv4Ds6rU-- --lJw0BxUDCZCQqSHuZbtCQ2PNlfzlQwjRg Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wmMEABEIACMWIQSOEQZObv2B8mf0JbnjtFCvbXs6FAUCYAa5aQUDAAAAAAAKCRDjtFCvbXs6FACr AJ9gVUzkNqksl35/0ZyguUULiZZT1wCeJC1v9dLCh40DDHQx1Ndamx2fkIg= =Wztn -----END PGP SIGNATURE----- --lJw0BxUDCZCQqSHuZbtCQ2PNlfzlQwjRg--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5ffc66f1-204f-f8cc-98e9-120e559f2e57>