Cannot define table: Cannot allocate memory


  • Banned

    
    New alert found: There were error(s) loading the rules: /tmp/rules.debug:45: cannot define table pfB_P2P: Cannot allocate memory - The line in question reads [45]: table <pfb_p2p>persist file "/var/db/aliastables/pfB_P2P.txt"</pfb_p2p> 
    
    
    $ wc -l /var/db/aliastables/pfB_P2P.txt
      443566 /var/db/aliastables/pfB_P2P.txt
    
    
    
    $ pfctl -sa | grep -C4 LIMITS | tail -n 5
    LIMITS:
    states        hard limit   197000
    src-nodes     hard limit   197000
    frags         hard limit     5000
    table-entries hard limit 10000000
    
    

    Hmmm?  ???



  • That 32 or 64 bit? There was some other limit beyond what's defined, which could be lower on 32 than 64 bit. Only thing that comes to mind offhand. Unless you have a whole ton of other really big aliases I don't see you actually hitting that limit.


  • Banned

    64bit full install. It's intermitent, but frequent enough to become a PITA. The rest of aliases are rather small. Altogether, definitely not getting over 600K.



  • Intermittent while the system is running, or only during boot? Any means of replicating?


  • Banned

    Hmmmm… Install pfBNG, use some big lists, see it happen on blocklist updates or some filter reload.

    These are what's in the pfB_P2P alias:

    EDIT: Running

    
    playback gitsync RELENG_2_2
    
    

    reproduced this on 3 out of 4 attempts:

    
    Jul 3 14:12:15	php: rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:45: cannot define table pfB_P2P: Cannot allocate memory - The line in question reads [45]: table <pfb_p2p>persist file "/var/db/aliastables/pfB_P2P.txt"
    Jul 3 14:11:37	php: pfSsh.php: Start Configuration upgrade at 14:11:37, set execution timeout to 15 minutes
    
    Jul 2 09:16:40	php: rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:45: cannot define table pfB_P2P: Cannot allocate memory - The line in question reads [45]: table <pfb_p2p>persist file "/var/db/aliastables/pfB_P2P.txt"
    Jul 2 09:16:04	php: pfSsh.php: Start Configuration upgrade at 09:16:04, set execution timeout to 15 minutes
    
    Jul 1 20:43:27	php: rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:45: cannot define table pfB_P2P: Cannot allocate memory - The line in question reads [45]: table <pfb_p2p>persist file "/var/db/aliastables/pfB_P2P.txt"
    Jul 1 20:42:52	php: pfSsh.php: Start Configuration upgrade at 20:42:52, set execution timeout to 15 minutes</pfb_p2p></pfb_p2p></pfb_p2p> 
    

  • Banned

    Still pretty reliably reproducible on 2.2.4 snaps with gitsync (Configuring filter… => the above error.)



  • Go ahead and open up a bug on this, even without knowing the root cause or exact replicable circumstance, I trust it's legit. I'll give replicating that a shot sometime in the next few days.


  • Banned

    @cmb:

    Go ahead and open up a bug on this, even without knowing the root cause or exact replicable circumstance, I trust it's legit. I'll give replicating that a shot sometime in the next few days.

    Thanks, done: https://redmine.pfsense.org/issues/4876

    Attached the relevant pfBNG config parts as well.


  • Banned

    Just an update here:

    Good news: definitely not hallucinating: https://lists.freebsd.org/pipermail/freebsd-pf/2011-May/006139.html
    Bad news: the hints on the ML thread are useless. kern.maxdsiz is set to ~34 GiB here, so that definitely is not the tunable to play with.