Date: Sat, 11 Dec 2021 16:14:54 +0000
From: tech-lists <tech-lists@zyxst.net>
To: freebsd-questions@freebsd.org
Cc: freebsd-pf@freebsd.org
Subject: pf cannot allocate memory after a time
Message-ID: <YbTOficBUC8vhklu@ceres.zyxst.net>
Hi,

context: main-n251261-25d0ccbe101 on arm64.aarch64 (raspberry pi4b/8GB)

I'm trying to use pf with pf-badhosts
(https://geoghegan.ca/pub/pf-badhost/latest/install/freebsd.txt)
and am seeing what *seems like* a pf problem which has been reported
elsewhere in different contexts (e.g.
https://forums.freebsd.org/threads/cannot-define-table-cannot-allocate-memory-since-upgrade-to-13-0.80822/ )

from pfctl -sa:

[...]
LIMITS:
states        hard limit   100000
src-nodes     hard limit    10000
frags         hard limit     5000
table-entries hard limit 25400000 [*]
[...]

[*] the pf-badhosts guide quotes 400000 for this value; I bumped it to
25400000 in order to "give pf more memory"

The problem is that if pf tables either get reloaded or if the machine is
running for say over 24 hrs, pf throws errors.

This works if the machine is rebooted but pf isn't switched on:

[...]
# doas -u _pfbadhost pf-badhost -O freebsd
Password:
pf-badhost 1512 - - Using experimental "aggy" aggregator...
6105 addresses added.
6235 addresses deleted.
pf-badhost 1580 - - IPv4 addresses in table: 619200750
[...]

running pfctl -e -f /etc/pf.conf loads and runs.

A day or so later, I'll see this in the logs, after pf-badhost runs its
update:

[...]
pf-badhost 15202 - - Using experimental "aggy" aggregator...
pfctl: Cannot allocate memory.
pf-badhost 15256 - - ERROR: '/etc/pf-badhost.txt' contains invalid data! Reverting changes and bailing out...
[...]

There's plenty of memory. I've tried running this with one term on top -P
open and there's always 1-2GB available (free) as well as 12GB of swap
which is unused.

If I try pfctl -Fa -f /etc/pf.conf and log back in and then run pf-badhost
manually:

[...]
# doas -u _pfbadhost pf-badhost -O freebsd
[...]

not only the pfbadhost table doesn't load but nothing loads:

[...]
# pfctl -e -f /etc/pf.conf
/etc/pf.conf:18: cannot define table pfbadhost: Cannot allocate memory
/etc/pf.conf:23: cannot define table rfc6890: Cannot allocate memory
/etc/pf.conf:26: cannot define table gooDNS6: Cannot allocate memory
/etc/pf.conf:27: cannot define table friends: Cannot allocate memory
pfctl: Syntax error in config file: pf rules not loaded
[...]

The only solution is a reboot.

How to fix? Do I need to increase src-nodes/frags?

thanks,
--
J.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YbTOficBUC8vhklu>
