Date: Fri, 11 Feb 2022 17:15:34 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 260406] pfctl: Cannot allocate memory (after a time) Message-ID: <bug-260406-227-Tal003CH6t@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-260406-227@https.bugs.freebsd.org/bugzilla/> References: <bug-260406-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D260406 Jean-Claude MICHOT <jc@michot.fr> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jc@michot.fr --- Comment #67 from Jean-Claude MICHOT <jc@michot.fr> --- Same problem here with 'pfctl: Cannot allocate memory.', it's reported by fail2ban=20 (anyway same for blacklistd). 2022-02-09 19:34:30,354 fail2ban.utils [64280]: ERROR 8021b2730 = -- exec: pfctl -a f2b/ssh-pf -t f2b-ssh-pf -T add 45.9.20.25 2022-02-09 19:34:30,354 fail2ban.utils [64280]: ERROR 8021b2730 = -- stderr: 'pfctl: Cannot allocate memory.' 2022-02-09 19:34:30,354 fail2ban.utils [64280]: ERROR 8021b2730 = -- killed with signal 127 (return code: 255) # freebsd-version -uk 13.0-RELEASE-p4 13.0-RELEASE-p4 "pfctl -T del IP" still usable, but add new rule is impossible until reboot= :( # vmstat -m | grep -E 'pf|Size' Type InUse MemUse Requests Size(s) pfs_nodes 20 8K 20 384 pfs_vncache 1 128K 1 pfil 11 1K 11 64,128 tcpfunc 1 1K 1 64 pf_temp 0 0K 55 32 pf_hash 5 11524K 5 2048 pf_ifnet 19 7K 171 256,2048 pf_osfp 1191 123K 3573 64,128 pf_rule 269 181K 341 128,1024 pf_table 11 22K 24200 2048 # vmstat -z | grep pf pf mtags: 48, 0, 0, 84, 55, 0, 0, = 0 pf tags: 104, 0, 0, 0, 0, 0, 0, = 0 pf states: 296, 100000, 40, 2703, 4287549, 0,=20=20 0,2135254 pf state keys: 88, 0, 58, 6106, 4592659, 0,=20=20 0,2280096 pf source nodes: 136, 10000, 0, 0, 0, 0, 0, = 0 pf table entry counters: 64, 0, 0, 0, 200, 0, = 0,=20=20 0 pf table entries: 160, 200000, 152, 48, 488,7420, 0, = 0 pf frags: 248, 0, 0, 16, 15, 0, 0, = 0 pf frag entries: 40, 5000, 0, 101, 40, 0, 0, = 0 pf state scrubs: 40, 0, 0, 0, 0, 0, 0, = 0 # sysctl -a | grep net.pf net.pf.rule_tag_hashsize: 128 net.pf.request_maxcount: 65535 net.pf.source_nodes_hashsize: 32768 net.pf.states_hashsize: 131072 # pfctl -si Status: Enabled for 93 days 22:56:25 Debug: Urgent State Table Total Rate current entries 840 searches 5992674224 738.2/s inserts 4288356 0.5/s removals 4287516 0.5/s Counters match 1169829912 144.1/s bad-offset 0 0.0/s fragment 0 0.0/s short 0 0.0/s normalize 87 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 2 0.0/s proto-cksum 0 0.0/s state-mismatch 1206 0.0/s state-insert 0 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s map-failed 0 0.0/s # top -b | head -8 last pid: 20669; load averages: 0.08, 0.11, 0.09 up 93+22:59:55=20=20= =20 18:11:49 160 processes: 1 running, 158 sleeping, 1 zombie CPU: 0.3% user, 0.0% nice, 0.1% system, 0.0% interrupt, 99.6% idle Mem: 90M Active, 829M Inact, 506M Laundry, 59G Wired, 2173M Free ARC: 52G Total, 28G MFU, 22G MRU, 3368K Anon, 281M Header, 1419M Other 48G Compressed, 61G Uncompressed, 1.27:1 Ratio Swap: 46G Total, 1939M Used, 44G Free, 4% Inuse --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-260406-227-Tal003CH6t>