PF "cannot define table [...] Cannot allocate memory" since upgrade to 13.0

demonnodevil

New Member

Reaction score: 1
Messages: 2

Last weekend I upgraded my two VPS servers from 12.2 to 13.0. My primary (slightly more busy) server is fine while the secondary has an issue loading a table in the pf after a day of running.

If I do a pfctl -v -f /etc/pf.conf right after reboot it is fine. If I do it again after a day running, I get this error:
/etc/pf.conf:16: cannot define table green: Cannot allocate memory

Line 16 contains: table <green> persist file "/etc/pf.green.table"

I could use a little assistance on what to check next.



What I already did:
  • I checked (with MD5 hashes) that /etc/pf.conf on both servers are the same. (They are)
  • I checked (with MD5 hashes) that the table files (/etc/pf.*.table) on both servers are the same. (They are)
  • I checked available memory with top
  • I checked the number of entries in pf.green.table ( wc -l /etc/pf.green.table returns 8308)
  • I checked the number of entries in all table files ( wc -l /etc/pf.*.table returns 8411)
  • I checked the limits from pfctl -sa they appear to be will within range

Top on Primary server:
Mem: 210M Active, 1875M Inact, 949M Laundry, 739M Wired, 394M Buf, 109M Free
Swap: 4096M Total, 598M Used, 3498M Free, 14% Inuse

Top on Secondary server:
Mem: 276M Active, 1734M Inact, 1128M Laundry, 623M Wired, 283M Buf, 124M Free
Swap: 4096M Total, 405M Used, 3690M Free, 9% Inuse

pfctl -sa:
[...]
LIMITS:
states hard limit 100000
src-nodes hard limit 10000
frags hard limit 5000
table-entries hard limit 200000
[...]
 
OP
D

demonnodevil

New Member

Reaction score: 1
Messages: 2

Thank you. That is going to take a little bit of effort. I guess I will fire-up another virtual and see if I can build using the diffs provided.
 

Kristof Provost

Active Member
Developer

Reaction score: 70
Messages: 117

Do wait for the update. It's coming in an hour or so. The current version has a bunch of unrelated changes that you don't work. And that possibly don't even work.
 
Top