Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 22 Jan 2009 11:32:44 -0800
From:      "Michael K. Smith - Adhost" <mksmith@adhost.com>
To:        <pf@freebsd.org>
Subject:   Issues with PF and 7.1
Message-ID:  <17838240D9A5544AAA5FF95F8D520316056585C1@ad-exh01.adhost.lan>
next in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
Hello All:

We are having memory issues with PF and 7.1p2 that we didn't experience with 6.3.   Here's what happens.

# pfctl -f /usr/local/etc/pf.conf
/usr/local/etc/pf.conf:135: cannot define table smtpd_reject_policyd: Cannot allocate memory
/usr/local/etc/pf.conf:139: cannot define table smtpd_reject_spam: Cannot allocate memory
pfctl: Syntax error in config file: pf rules not loaded
# pfctl -t smtpd_reject_policyd -T flush
94390 addresses deleted.
# pfctl -t smtpd_reject_spam -T flush
62464 addresses deleted.
# pfctl -f /usr/local/etc/pf.conf

So, after I flush the tables it loads.  Sometimes, however, we get a global out of memory error " DIOCADDRULE: Cannot allocate memory "

Here are my entries from pf.conf for various limits.  Everything else is defaults.

set limit tables 500
set limit table-entries 250000
set limit { states 1000000, src-nodes 300000, frags 100000 }
set optimization normal
set skip on lo0
set state-policy if-bound
set timeout interval 300
set timeout src.track 1200

Finally, the box is using EM interfaces with VLAN's and has 4 Gig of physical RAM.  There are two PF boxes in Active/Failover and the errors show up on both, although they seem to show up more often on the Backup device, which seems odd.

Any help would be greatly appreciated.  

Regards,

Mike
--
Michael K. Smith - CISSP, GISP
Chief Technical Officer - Adhost Internet LLC
mksmith@adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3  08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)



[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: 9.9.1 (Build 287)

iQEVAwUBSXjJ3PTXQhZ+XcVAAQjvdAf9EYGGtY0H+CHvXxHrqf0c7PH8v+RK3KPB
s+SagdF6t3My+qg91pTtbwKOsz3jnYux2WdQzO+d+kvZOqHfpEWT8cgCi6MZBrEI
gODuw32yoiAhEEgtk4Q2jDR8wS1s7USdo8tcv6WteqMUxc7YY7rSvB5ifwzy8Bxw
wYIljG3+cqlBPM1ZSkVsHGilwA4oMc2hWOoSAKP4h4/Lb66dd0kPfqJshaE0BiH/
Bz8ngVISxEEWMOdKhgWsAM15aibOJn7Zqz1KEDPjRJ+U4We0LiJ4t1o/Mz6ZF4Iv
tmin739E6G2WRHhHw/BZqlm+xleqV39tZZU8db+AWeRzdc+FFOJWJQ==
=ziCP
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17838240D9A5544AAA5FF95F8D520316056585C1>