Date: Wed, 18 May 2011 16:12:16 +0300
From: Richard Brendörfer <neamtu@gmail.com>
To: "quentin.narvor" <quentin.narvor@ensi-bourges.fr>
Cc: freebsd-pf@freebsd.org
Subject: Re: Large table issue
Message-ID: <BANLkTikSE1BTv-YBfMgtsxFkZ9X8-QJ77w@mail.gmail.com>
In-Reply-To: <f0e7334eec06e84af364ebc26ce47dc4@ensi-bourges.fr>
References: <390946c3b25ae3d887574555a494cb42@ensi-bourges.fr> <BANLkTik_V1+zWk+eU64ecK3sVOhTq2h-dw@mail.gmail.com> <f0e7334eec06e84af364ebc26ce47dc4@ensi-bourges.fr>
Look what I found:

One side note: It might occur that PF states: "Cannot allocate memory", in which case the table is too big to fit in memory. The problem is that FreeBSD has a limit on the maximum size a program may be in memory. This is by default 524288 kB. One can obtain this and other limits by entering (values in kB):

In sh:   # ulimit -a
In tcsh: # limits

To resolve the problem, simply edit /boot/defaults/loader.conf. Find the following line under the "Kernel tunables" section:

#kern.maxdsiz=""                # Set the max data size

And change it into (values in bytes):

kern.maxdsiz="1073741824"       # Set the max data size (IN BYTES)

Changes made to /boot/defaults/loader.conf will be effective after rebooting.

On Wed, May 18, 2011 at 4:00 PM, quentin.narvor <quentin.narvor@ensi-bourges.fr> wrote:

> On Wed, 18 May 2011 15:34:49 +0300, Richard Brendörfer wrote:
>
>> Hi,
>> try with _set limit table-entries number_ in pf.conf or split your
>> table in 2 or 3 tables.
>
> Hi,
>
> I forgot to say that I have already set this option to 3000000 in my
> pf.conf.
> I have tried to split the table in smaller pieces (~450000 entries in each
> table) but the command "pfctl -f /etc/pf.conf" gives me the same memory
> issue when loading the third table.
> I don't know the precise number but it seems that there is a limit near
> 1000000 entries for the sum of all tables, even with the limit table-entries
> set to 3000000.
>
> On Wed, May 18, 2011 at 2:03 PM, quentin.narvor wrote:
>
>>> I am trying to detect problems on hosts in my network: I want to
>>> detect when a communication occurs with a compromised host.
>>> I have built a blacklist which holds nearly 2 million IPs (spam,
>>> malware... hosts).
>>>
>>> But I can't load it into pf, I get this when I try:
>>>
>>> /etc/pf.conf:6: cannot define table bl: Cannot allocate memory
>>> pfctl: Syntax error in config file: pf rules not loaded
>>>
>>> I suspect there is a memory limitation somewhere (in the kernel??)
>>> which prevents me from loading the table but I am not very
>>> comfortable with kernel variables.
>>> I have already tried modifying kern.maxssiz and kern.dflsiz without
>>> success.
>>>
>>> Any idea?
>>> _______________________________________________
>>> freebsd-pf@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>>>
>>> To unsubscribe, send any mail to
>>> "freebsd-pf-unsubscribe@freebsd.org"
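A defensive pre-check for the situation discussed in this thread, added here as an example and not taken from the thread or from the FreeBSD project: a POSIX sh script that counts the entries in the table files a pf.conf would load, compares their sum against the `set limit table-entries` value (that limit is a single kernel-wide pool shared by all tables, which is consistent with what Quentin observed when splitting the list), and shows the process data-segment limit that kern.maxdsiz raises. The file names, the sample addresses, the pf.conf snippets and the assumed default of 200000 table entries when no limit is set are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: check pf table files against
# the pf.conf "set limit table-entries" value before running "pfctl -f".
# Assumptions: the limit is written with the standard pf.conf syntax
# ("set limit table-entries N" or inside "set limit { ... }"), and the
# compiled-in default is taken to be 200000 entries when none is set.

# Count usable entries in a table file; blank lines and '#' comments are
# ignored, which is how pfctl treats them too. Always exits 0 so that a
# count of zero does not abort a caller running under "set -e".
count_table_entries() {
    grep -v '^[[:space:]]*#' "$1" | grep -c '[^[:space:]]' || true
}

# Extract the table-entries limit from a pf.conf; comment lines are
# skipped, and the last occurrence wins, as with pfctl.
pf_table_entries_limit() {
    limit=$(grep -v '^[[:space:]]*#' "$1" \
        | sed -n 's/.*table-entries[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        | tail -n 1)
    echo "${limit:-200000}"   # assumed default when no limit is configured
}

# Data-segment limit (kB) of the current shell. pfctl inherits the same
# limit; on FreeBSD it is what the kern.maxdsiz tunable controls.
data_segment_limit_kb() {
    ulimit -d
}

# Report every table and return 0 if the sum fits under the limit, 1 if not.
# Usage: check_tables /etc/pf.conf table1.txt table2.txt ...
check_tables() {
    conf=$1
    shift
    limit=$(pf_table_entries_limit "$conf")
    total=0
    for f in "$@"; do
        n=$(count_table_entries "$f")
        total=$((total + n))
        printf '%s: %d entries\n' "$f" "$n"
    done
    printf 'total %d entries, table-entries limit %d, data limit %s kB\n' \
        "$total" "$limit" "$(data_segment_limit_kb)"
    [ "$total" -le "$limit" ]
}

# Constructed sample input (not real data): one pf.conf with a large
# limit, one with a deliberately tiny limit, and two small table files.
demo_dir=$(mktemp -d)
cat > "$demo_dir/pf.conf" <<'EOF'
# constructed pf.conf for the example
set limit table-entries 300000
table <bl> persist file "/etc/pf/bl.txt"
block in quick from <bl>
EOF
cat > "$demo_dir/pf-tiny.conf" <<'EOF'
set limit { states 10000, table-entries 4 }
EOF
printf '# constructed blacklist\n192.0.2.1\n192.0.2.2\n\n198.51.100.0/24\n' \
    > "$demo_dir/bl1.txt"
printf '203.0.113.5\n203.0.113.6\n' > "$demo_dir/bl2.txt"

# Stand-alone run: the first config fits, the second does not.
check_tables "$demo_dir/pf.conf" "$demo_dir/bl1.txt" "$demo_dir/bl2.txt" \
    || echo "tables exceed the configured limit; pfctl -f would fail"
check_tables "$demo_dir/pf-tiny.conf" "$demo_dir/bl1.txt" "$demo_dir/bl2.txt" \
    || echo "tables exceed the configured limit; pfctl -f would fail"
```

Two practical notes on the fix Richard quotes: loader.conf(5) on FreeBSD documents /boot/defaults/loader.conf as the distribution file that upgrades overwrite, so the kern.maxdsiz override is normally placed in /boot/loader.conf instead; and since the table-entries pool is shared by all tables, the value to raise is the sum of every table's entries, not the size of the largest one.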