Re: kernel/2211: PF / Kernel problem, it filtered all ports
I have the same problem here (OpenBSD 3.0-stable). I got a panic after
successfully creating around 50000+ states using "nmap -sS -p 1-65535
<ipaddr>"
I used this command to query the # of states: pfctl -ss | wc
But the problem went away when I added the following to the kernel config file.
option NMBCLUSTERS=8192
option NKMEMCLUSTERS=16384
Using the new kernel (with options above), I was able to create around
130,000 states without any panics and the system is stable now.
**---
# pfctl -ss | wc
131034 655170 9196098
**----
Additionally, I am using "pfctl -O conservative".
My pf.conf:
**--
pass in quick from any to any keep state
pass out quick from any to any keep state
**--
I feel the problem is not in PF.
Thank you
Karthik
On Thursday 29 November 2001 05:40, Daniel Hartmeier wrote:
> On Wed, Nov 28, 2001 at 10:21:19PM +0100, Daniel Hartmeier wrote:
> > panic: malloc: out of space in kmem_map
> > _malloc
> > _amap_extend
> > _uvm_map
> > _sys_obreak
> > _syscall
> > --- syscall (number 17) ---
>
> vmstat -m -M output is on http://www.benzedrine.cx/vmstat.txt, if anyone
> wants to take a look.