Re: git: bad279e12deb - main - pf: convert DIOCRDELADDRS to netlink

Florian Smeets Sat, 16 Aug 2025 01:34:30 -0700

On 06.08.25 00:28, Kristof Provost wrote:

The branch main has been updated by kp:


URL: 
https://cgit.FreeBSD.org/src/commit/?id=bad279e12deb3e4e4528dbc6b06f56aefb165b15

commit bad279e12deb3e4e4528dbc6b06f56aefb165b15
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-08-01 14:18:52 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-08-05 22:27:14 +0000

     pf: convert DIOCRDELADDRS to netlink

Hi Kristof,

this is causing issues with crowdsec. The pfctl process is using up all memory and gets killed by the OOM killer.

The issue appears to be trying to delete IPs that are not part of a table, which can apparently happen with crowdsec.


root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T show|tail -1
   223.247.218.112
root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T delete 223.247.218.112
1/1 addresses deleted.
root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T show|grep 223.247.218.113
root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T delete 223.247.218.113
load: 0.65  cmd: pfctl 26515 [runnable] 10.19r 0.75u 4.86s 32% 802128k
load: 0.78  cmd: pfctl 26515 [runnable] 17.67r 1.41u 8.19s 40% 1452576k
load: 0.89  cmd: pfctl 26515 [running] 29.14r 2.44u 13.16s 46% 2506284k

Florian

OpenPGP_0xEF5BA4DCD5A9F3C0.asc
Description: OpenPGP public key

OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: git: bad279e12deb - main - pf: convert DIOCRDELADDRS to netlink

Reply via email to