Error: : /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory

posix

Hello,
Just started seeing the error messages last month and recent:

Last month:

There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 18:50:51
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 18:51:51
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:08:21
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:10:05
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:12:37
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:13:52
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:16:15
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:17:40
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:17:54
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:19:02
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:20:27
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2022-12-29 21:21:34

Then I deleted the log thinking it was one off and then it came back:

There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2023-01-04 22:01:18
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2023-01-04 22:01:21
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2023-01-04 22:01:24
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2023-01-04 22:01:28
There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_PRI1_v4> persist file "/var/db/aliastables/pfB_PRI1_v4.txt"
@ 2023-01-04 22:01:31

No configuration change or anything occurred.

system is:
Netgate 5100
22.05-RELEASE (amd64)
built on Wed Jun 22 18:56:13 UTC 2022
FreeBSD 12.3-STABLE

with the following packages:
acme 0.7.3
Avahi 2.2_1
Cron 0.3.8_1
darkstat 3.1.3_5
haproxy-devel 0.62_10
openvpn-client-export 1.6_8
pfBlockerNG-devel 3.1.0_9
snort 4.1.6
Status_Traffic_Totals 2.3.2_2

Gertjan

@posix said in Error: : /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory:

Cannot allocate memory - ....... "/var/db/aliastables/pfB_PRI1_v4.txt"

So, question : what is this the size of this /var/db/aliastables/pfB_PRI1_v4.txt file ?
And the easy fix : make it smaller ?!

It's called "pfB_PRI1_v4.txt " so you know who made the file.
Yeah, true, pfBlockerNG, but you told it to stash all that info into it. So : use less IP feeds ?!

Or, do what has been said here pfsense pfB_PRI1_v4: Cannot allocate memory
Several suggestions exist, although some make no sens, like "disable all IP feeds", run pfblocker reload all, and then ebable them again, and reload all.

posix

@gertjan
Hi
As I mentioned there has been no configuration change in the pfBlockerNG lists, I have used the same lists for many years now. These messages recently started so although I told pfBlocker to create the list, that was only once. I have left the PRI1 list alone for many years.

doing a line count:

/var/db/aliastables: ls -l
total 1028
-rw-r--r-- 1 root wheel 326796 Jan 6 11:00 pfB_Asia_v4.txt
-rw-r--r-- 1 root wheel 195578 Jan 9 00:01 pfB_PRI1_v4.txt
-rw-r--r-- 1 root wheel 470797 Jan 6 11:00 pfB_Top_v4.txt
-rw-r--r-- 1 root wheel 93 Dec 16 12:30 pfB_Whitelist_v4.txt

var/db/aliastables: more pfB_PRI1_v4.txt | wc -l
13378

I am not sure what caused the list to grow as much as it did. Nor do I have historic information to compare against.login-to-view

Gertjan

@posix said in Error: : /tmp/rules.debug:36: cannot define table pfB_PRI1_v4: Cannot allocate memory:

var/db/aliastables: more pfB_PRI1_v4.txt | wc -l

Did you do the test :
Disable all : does it work now ?
Enable one third : does it work now ?
Enable two third : does it work now ?
Etc.

pf doesn't use 'all available RAM' but an upfront declared number of "slots". See the links in my previous post.

Keep in mind : for every out of state connection, the packet header has to be compared with these 13378 entries.

posix

@gertjan

I didnt have to disable all or reinstall pfBlockerNG.

The only thing I did was increase the Firewall Maximum Table Entries to 600000

located at System / Advanced / Firewall & NAT

from previous value of 400000

Maybe I bought some more time?

terryzb

@posix @Gertjan

Replying to this old thread to say thank you. I encountered this same "pfB_PRI1_v4 Cannot allocate memory" errors on my 2100 and it was solved by increasing System/Advanced/Firewall & NAT/Firewall Maximum Table Entries from 400000 to 600000.

The 2100 had been running without issue for many months and the last reboot was for the 24.11 upgrade. What caused me to check the 2100 was I had become unable to screen share when connecting via IPsec VPN from the outside. The IPsec connection was successful but vnc attempts to connect to a machine on the network timed out. After changing the Table Entries setting it immediately started working again.