Date:      Thu, 20 Aug 2020 17:40:25 -0700
From:      Chris <bsd-lists@BSDforge.com>
To:        freebsd-stable <freebsd-stable@freebsd.org>
Subject:   net.pf.request_maxcount: UNDESIRABLE_OID
Message-ID:  <54a0a1c4da6d5add83ecdf2668cf2f7b@udns.ultimatedns.net>

We've been developing an appliance/server based on FreeBSD &&
pf(4). We started some time ago, and have been using a very
early version of 12. We're now collecting some 20,000,000
IP's /mos. So we're satisfied we're close to releasing. As
such, we needed to bring the release up to a supported
(freebsd) version (12-STABLE). We would have done so sooner.
But we need a stable (unchanging) testbed to evaluate what
we're working on.

We built and deployed a copy of 12-STABLE @r363918 that
contained our work with pf(4). Booting into it failed
unexpectedly with:

    cannot define table nets: too many elements.
    Consider increasing net.pf.request_maxcount.
    pfctl: Syntax error in config file: pf rules not loaded

OK this didn't happen on our testbed prior to the upgrade
with a combined count of ~97,000,900 IPs. In fact the OID
mentioned didn't exist.

For reference; our testbed provides DNS, www, mail for
~60 domains/hosts, as well as our pf(4) testing. We can
happily load our tables, and run these services w/8Gb
RAM.

This OID is more a problem than a savior. Why not simply
return ENOMEM? Isn't that what it used to do? pf.conf(5)
already facilitates thresholds, and they aren't _read
only_. Is there any way to turn this OID off; like using
a -1 value? Or will we need to simply back out the commit?

Thanks in advance for any advice.

--Chris
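
[Added example, not part of the original message and not FreeBSD project code: a pre-flight check that counts the elements in pf table files and compares each file against net.pf.request_maxcount before a reload, so an oversized table is caught before the ruleset fails to load at boot. The function names, the sample file and the limit of 4 are constructed; it assumes one table per file, that the limit applies per table load, and that every whitespace-separated token outside a '#' comment is one element.]

```sh
#!/bin/sh
# Assumption: each whitespace-separated token outside a '#' comment is one element.

# Print the number of table elements found in the given files.
count_table_entries() {
    [ "$#" -gt 0 ] || { echo 0; return 0; }
    awk '{ sub(/#.*/, ""); n += NF } END { print n + 0 }' "$@"
}

# Print the live sysctl value if it can be read, otherwise the fallback in $1.
request_maxcount() {
    if v=$(sysctl -n net.pf.request_maxcount 2>/dev/null) && [ -n "$v" ]; then
        echo "$v"
    else
        echo "$1"
    fi
}

# check_tables LIMIT FILE...: return 0 if every file fits the limit, 1 otherwise.
check_tables() {
    limit=$1; shift
    rc=0
    for f in "$@"; do
        n=$(count_table_entries "$f")
        if [ "$n" -gt "$limit" ]; then
            echo "FAIL $f: $n elements > limit $limit"
            rc=1
        else
            echo "ok   $f: $n elements <= limit $limit"
        fi
    done
    return "$rc"
}

# Demo on a constructed table file (documentation address ranges only).
demo_dir=$(mktemp -d)
cat > "$demo_dir/nets.txt" <<'EOF'
# constructed sample table file
192.0.2.0/24
198.51.100.7   203.0.113.0/25   # two entries on one line
!192.0.2.99

2001:db8::/32
EOF
check_tables 4 "$demo_dir/nets.txt" || echo "table exceeds the limit: do not reload pf yet"
rm -rf "$demo_dir"
```
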




