Error: : /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory

posix

Hello,
Just started seeing the error messages last month and recent:

Last month:

There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 18:50:51
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 18:51:51
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:08:21
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:10:05
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:12:37
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:13:52
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:16:15
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:17:40
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:17:54
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:19:02
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:20:27
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:21:34

Then I deleted the log thinking it was one off and then it came back:

There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2023-01-04 22:01:18
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2023-01-04 22:01:21
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2023-01-04 22:01:24
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2023-01-04 22:01:28
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2023-01-04 22:01:31

No configuration change or anything occurred.

system is:
Netgate 5100
22.05-RELEASE (amd64)
built on Wed Jun 22 18:56:13 UTC 2022
FreeBSD 12.3-STABLE

with the following packages:
acme 0.7.3
Avahi 2.2_1
Cron 0.3.8_1
darkstat 3.1.3_5
haproxy-devel 0.62_10
openvpn-client-export 1.6_8
pfBlockerNG-devel 3.1.0_9
snort 4.1.6
Status_Traffic_Totals 2.3.2_2

Gertjan

@posix said in Error: : /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory:

Cannot allocate memory - ....... "/var/db/aliastables/pfB_PRI1_v4.txt"

So, question : what is this the size of this /var/db/aliastables/pfB_PRI1_v4.txt file ?
And the easy fix : make it smaller ?!

It's called "pfB_PRI1_v4.txt " so you know who made the file.
Yeah, true, pfBlockerNG, but you told it to stash all that info into it. So : use less IP feeds ?!

Or, do what has been said here pfsense pfB_PRI1_v4: Cannot allocate memory
Several suggestions exist, although some make no sens, like "disable all IP feeds", run pfblocker reload all, and then ebable them again, and reload all.

posix

@gertjan
Hi
As I mentioned there has been no configuration change in the pfBlockerNG lists, I have used the same lists for many years now. These messages recently started so although I told pfBlocker to create the list, that was only once. I have left the PRI1 list alone for many years.

doing a line count:

/var/db/aliastables: ls -l
total 1028
-rw-r--r-- 1 root wheel 326796 Jan 6 11:00 pfB_Asia_v4.txt
-rw-r--r-- 1 root wheel 195578 Jan 9 00:01 pfB_PRI1_v4.txt
-rw-r--r-- 1 root wheel 470797 Jan 6 11:00 pfB_Top_v4.txt
-rw-r--r-- 1 root wheel 93 Dec 16 12:30 pfB_Whitelist_v4.txt

var/db/aliastables: more pfB_PRI1_v4.txt | wc -l
13378

I am not sure what caused the list to grow as much as it did. Nor do I have historic information to compare against.

Gertjan

@posix said in Error: : /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory:

var/db/aliastables: more pfB_PRI1_v4.txt | wc -l

Did you do the test :
Disable all : does it work now ?
Enable one third : does it work now ?
Enable two third : does it work now ?
Etc.

pf doesn't use 'all available RAM' but an upfront declared number of "slots". See the links in my previous post.

Keep in mind : for every out of state connection, the packet header has to be compared with these 13378 entries.

posix

@gertjan

I didnt have to disable all or reinstall pfBlockerNG.

The only thing I did was increase the Firewall Maximum Table Entries to 600000

located at System / Advanced / Firewall & NAT

from previous value of 400000

Maybe I bought some more time?