From nobody Mon May 02 16:18:53 2022
X-Original-To: pf@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id F2C001ABECC4
	for <pf@mlmmj.nyi.freebsd.org>; Mon,  2 May 2022 16:18:53 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4KsSvd4t7Yz4mY7
	for <pf@FreeBSD.org>; Mon,  2 May 2022 16:18:53 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 885135301
	for <pf@FreeBSD.org>; Mon,  2 May 2022 16:18:53 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 242GIrQv053144
	for <pf@FreeBSD.org>; Mon, 2 May 2022 16:18:53 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 242GIrWa053143
	for pf@FreeBSD.org; Mon, 2 May 2022 16:18:53 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 263626] PF is unable to load more than 200000 entries
Date: Mon, 02 May 2022 16:18:53 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: portmaster@bsdforge.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: pf@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-263626-16861-42nIt8hZ9a@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-263626-16861@https.bugs.freebsd.org/bugzilla/>
References: <bug-263626-16861@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Technical discussion and general questions about packet filter (pf) <freebsd-pf.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
List-Help: <mailto:pf+help@freebsd.org>
List-Post: <mailto:pf@freebsd.org>
List-Subscribe: <mailto:pf+subscribe@freebsd.org>
List-Unsubscribe: <mailto:pf+unsubscribe@freebsd.org>
Sender: owner-freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
MIME-Version: 1.0
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1651508333;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=SM8ExbKnuujA6H6N0a8XWNGjq5nuU76Egelhf6eCFH8=;
	b=XPZmNQlZY8mZ3VsJLTy+U/tKMXY0649VQF1GdYEh7T6m++hTF8Zw5iace2QQaswPjGoxxP
	Bsdf1tMBEWQ0FVnQegVSIOscEHcOYiiVEwNppFp/cUlLFCUlHBPjC7QE2lPV6HjAZ9G7Xf
	pFCZUAw2Fimyta6oQ717gsgBgXBQqViqpjPuvxpv/yoBW0n+Lsrto3ga85tCmEQMxvZypO
	/Vd8UsQrZH01PPSQG37HdpfZdnwUvwPi6oM6ZyenuDOBY/g9lny2Cu9evSN+blyFhF99mI
	jMPofC0nFDKWOYDiSwv/3zn9gjHaJYC0zeMmuwDVlSBZYebkZn4WWd5mK88XBw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1651508333; a=rsa-sha256; cv=none;
	b=dOrB6vZ8CBxa5tqY9Xwcn6J1M1IlecjvRGUDjTi64Xmi4mJNbGFw4gBHnD8TAxPPJGSqbj
	eFq9/H3xl8rurqPqdJX79pQz3TvYkomLP60+rnNfNIAeBpmRk0b0piDdjAPanrl7Qj4AZm
	S87IYDLNDKcBuIiVjL6PkStlUyaHwF32jEVO5AANOgP2ZwUyVl8Tp4PNuJyrS/rAmDgXbb
	N8zjNQWNz6lRwWOkwtpdgTGtNADQEDivel/gaVm+A4ZGi+rbZ+SCokI+Txpp50BUIw4PxZ
	fHDce/KHlvMcoXKTjxuynf2Fal+zBHu/X1HbUXpTqO4ugYCiRhTQb5WBQMSwQA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D263626

--- Comment #6 from Chris Hutchinson <portmaster@bsdforge.com> ---
(In reply to Kajetan Staszkiewicz from comment #5)
I don't understand. Anyone filtering with pf(4) using
tables should know that they will need to monitor the
size of the tables in use. Their system has limits.
It is not the responsibility of pf(4) to ensure those
thresholds are set high enough. It is the responsibility
of the administrator. The pfctl(8) man page explains
all of this, and also provides examples. If the
administrator is unwilling to monitor, eventually pf
will be unable to load some table and bail. Leaving it
up to the administrator to discover how large the entry
count is. increase the threshold && restart pf(4). It's
as simple as that. The whole process shouldn't any longer
than 20 seconds to perform -- no reboot required.

--=20
You are receiving this mail because:
You are the assignee for the bug.=