> On 16 Aug 2025, at 10:34, Florian Smeets <f...@smeets.xyz> wrote:
>
> On 06.08.25 00:28, Kristof Provost wrote:
>> The branch main has been updated by kp:
>> URL:
>> https://cgit.FreeBSD.org/src/commit/?id=bad279e12deb3e4e4528dbc6b06f56aefb165b15
>> commit bad279e12deb3e4e4528dbc6b06f56aefb165b15
>> Author: Kristof Provost <k...@freebsd.org>
>> AuthorDate: 2025-08-01 14:18:52 +0000
>> Commit: Kristof Provost <k...@freebsd.org>
>> CommitDate: 2025-08-05 22:27:14 +0000
>> pf: convert DIOCRDELADDRS to netlink
>>
> Hi Kristof,
>
> this is causing issues with crowdsec. The pfctl process is using up all
> memory and gets killed by the OOM killer.
>
> The issue appears to be trying to delete IPs that are not part of a table,
> which can apparently happen with crowdsec.
>
> root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T show|tail -1
> 223.247.218.112
> root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T delete 223.247.218.112
> 1/1 addresses deleted.
> root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T show|grep 223.247.218.113
> root@fw:~ # /sbin/pfctl -t crowdsec-blacklists -T delete 223.247.218.113
> load: 0.65 cmd: pfctl 26515 [runnable] 10.19r 0.75u 4.86s 32% 802128k
> load: 0.78 cmd: pfctl 26515 [runnable] 17.67r 1.41u 8.19s 40% 1452576k
> load: 0.89 cmd: pfctl 26515 [running] 29.14r 2.44u 13.16s 46% 2506284k
>
Yeah, I’ve had other reports. Both add and delete have issues. I know what the
problem is. I just need to finish the test case before I can commit.
Expect it early next week.
—
Kristof
