From owner-freebsd-pf@FreeBSD.ORG Sat Dec 18 01:28:08 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A82D016A4CE for ; Sat, 18 Dec 2004 01:28:08 +0000 (GMT) Received: from ns.kt-is.co.kr (ns.kt-is.co.kr [211.218.149.125]) by mx1.FreeBSD.org (Postfix) with ESMTP id 216C243D48 for ; Sat, 18 Dec 2004 01:28:08 +0000 (GMT) (envelope-from yongari@kt-is.co.kr) Received: from michelle.kt-is.co.kr (ns2.kt-is.co.kr [220.76.118.193]) (authenticated bits=128) by ns.kt-is.co.kr (8.12.10/8.12.10) with ESMTP id iBI1N1Ah054765 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sat, 18 Dec 2004 10:23:01 +0900 (KST) Received: from michelle.kt-is.co.kr (localhost.kt-is.co.kr [127.0.0.1]) by michelle.kt-is.co.kr (8.13.1/8.13.1) with ESMTP id iBI1S4Q6002688 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 18 Dec 2004 10:28:04 +0900 (KST) (envelope-from yongari@kt-is.co.kr) Received: (from yongari@localhost) by michelle.kt-is.co.kr (8.13.1/8.13.1/Submit) id iBI1Rx47002687; Sat, 18 Dec 2004 10:27:59 +0900 (KST) (envelope-from yongari@kt-is.co.kr) Date: Sat, 18 Dec 2004 10:27:59 +0900 From: Pyun YongHyeon To: jon@abccomm.com Message-ID: <20041218012759.GA2648@kt-is.co.kr> References: <8eea0408041217104076562192@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8eea0408041217104076562192@mail.gmail.com> User-Agent: Mutt/1.4.2.1i X-Filter-Version: 1.11a (ns.kt-is.co.kr) cc: freebsd-pf@freebsd.org Subject: Re: problem with table X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: yongari@kt-is.co.kr List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Dec 2004 01:28:08 -0000 On Fri, Dec 17, 2004 at 10:40:00AM -0800, Jon Simola wrote: > On Fri, 17 Dec 2004 17:58:00 +0100, ChOcO Bn wrote: > > i'm using freebsd 5.3 with pf and altq compiled in kernel. > > i'm trying to fill a table with a file containing some range of ips ( > > according to CIDR norms ) > > > > choco ~/ip_guardian# cat guarding.ip | wc -l > > 46916 > > > > and when i try to reload my rules, i can't get it work : > > > > "cannot define table guardian: Cannot allocate memory" > > > > How could i handle this ? > > I'd try various amounts to see how many you can load into a table. I > suspect 47 thousand is a bit much, perhaps trying multiple smaller > tables? During early days of pf porting, I measured table's locking overhead within copyin/copyout using TSC. At that time I used 108000 entries generated by shell script. AFAIK, the number of entries that can be loaded into a table depends on available kernel memory. And there is no limit if your system has enough memory. -- Regards, Pyun YongHyeon http://www.kr.freebsd.org/~yongari | yongari@freebsd.org