[Bug 260406] pfctl: Cannot allocate memory (after a time)
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 260406] pfctl: Cannot allocate memory (after a time)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 15 Dec 2021 10:23:50 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260406
--- Comment #13 from tech-lists@zyxst.net ---
I'm not sure if the following information is of any use, but thought I'd
mention it in case it is:
1. with more or less the same config, but configured to block many more
addresses (so the table is many times larger i guess), but on amd64 (freebsd
bhyve guest) running 13.0-p5, the command runs without error:
pf-badhost 87438 - - Using experimental "aggy" aggregator...
2182 addresses added.
2854 addresses deleted.
pf-badhost 87506 - -
IPv4 addresses in table: 1044433099
but in dmesg there is the message that pf states limit has been reached. The vm
still works/passes traffic though. The vm has 8GB vram. I've not tried
increasing that yet.
here is pfctl -si
# pfctl -si
Status: Enabled for 38 days 17:47:57 Debug: Urgent
Interface Stats for vtnet0 IPv4 IPv6
Bytes In 2872664371 0
Bytes Out 1616348865 0
Packets In
Passed 5573603 0
Blocked 414006 0
Packets Out
Passed 6592735 0
Blocked 13559 0
State Table Total Rate
current entries 10
searches 12593897 3.8/s
inserts 863091 0.3/s
removals 863081 0.3/s
Counters
match 1290749 0.4/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 6 0.0/s
memory 13471 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 14 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
map-failed 0 0.0/s
--
You are receiving this mail because:
You are the assignee for the bug.