Help - Memory allocation errors

awebster · Dec 5, 2019, 7:29 PM

Hi...
pfSense 2.4.4-p3 with pfBlockerNG 2.1.4_18

I am intermittently getting the following errors when updating rules:

/tmp/rules.debug:24: cannot define table pfB_NAmerica_v4: Cannot allocate memory
/tmp/rules.debug:26: cannot define table pfB_NAmerica_v6: Cannot allocate memory
/tmp/rules.debug:28: cannot define table pfB_Top_v4: Cannot allocate memory

There doesn't appear to be a memory issue on the box, it has plenty of free memory.
pfBlockerNG updates successfully, no errors in the logs.
pfctl -nf /tmp/rules.debug passes successfully, however, pcftl -f /tmp/rules.debug produces the errors.

The rules.debug contains the following at the indicated lines:

# User Aliases 
table <pfB_NAmerica_v4> persist file "/var/db/aliastables/pfB_NAmerica_v4.txt"
pfB_NAmerica_v4 = "<pfB_NAmerica_v4>"
table <pfB_NAmerica_v6> persist file "/var/db/aliastables/pfB_NAmerica_v6.txt"
pfB_NAmerica_v6 = "<pfB_NAmerica_v6>"
table <pfB_Top_v4> persist file "/var/db/aliastables/pfB_Top_v4.txt"
pfB_Top_v4 = "<pfB_Top_v4>"

Files in /var/db/aliastables

-rw-r--r--  1 root  wheel   530911 Dec  3 11:00 pfB_NAmerica_v4.txt
-rw-r--r--  1 root  wheel   647476 Dec  3 10:01 pfB_NAmerica_v6.txt
-rw-r--r--  1 root  wheel    12539 Dec  5 00:00 pfB_SpamhausDROP.txt
-rw-r--r--  1 root  wheel  1134040 Dec  3 10:01 pfB_Top_v4.txt

Files each contain wc -l output:

   33462 pfB_NAmerica_v4.txt
   30800 pfB_NAmerica_v6.txt
     803 pfB_SpamhausDROP.txt
   71324 pfB_Top_v4.txt

Any ideas where to go from here to troubleshoot this?

NollipfSense · Dec 7, 2019, 2:34 PM

@awebster Maybe start by telling us how much memory you have installed on your pfSense box also how many packages installed. IDS/IPS packages plus pfBlockerNG with lots of feeds will consume memory.

awebster · Dec 9, 2019, 1:45 PM

@NollipfSense 2GB RAM installed, no other packages besides pfBlockerNG and Open-VM-Tools.

viragomann · Dec 9, 2019, 2:18 PM

Possibly you're exceeding the maximum number of table entries if you have some very large tables loaded.
Try to set a higher value in System > Advanced > Firewall & NAT > Firewall Maximum Table Entries.

awebster · Dec 9, 2019, 2:50 PM

@viragomann Thanks for your suggestion yet the pfBlockerNG log shows that the table count has not been exceeded;

pfSense Table Stats
-------------------
table-entries hard limit   400000
Table Usage Count         269175

The issue is intermittent in nature, so I suspect that one of the feeds is containing garbage data that is confusing pfctl, since these are directly imported. Some sanity checking of the feed data might be in order.

kiokoman · Dec 9, 2019, 3:31 PM

@awebster said in Help - Memory allocation errors:

cannot define table pfB_NAmerica_v4: Cannot allocate memory

take in mind that on filter reload the new one is loaded before the old is purged and with all that lines you could end up with more than the maximum number of table entries permit, you should set a higher value as suggested by @viragomann

viragomann · Dec 9, 2019, 3:37 PM

@kiokoman said in Help - Memory allocation errors:

take in mind that on filter reload the new one is loaded before the old is purged

Didn't know that as well.

awebster · Dec 9, 2019, 4:04 PM

@kiokoman Aha, that makes much more sense! Thanks!