Hi Greg,
Thanks for the very detailed report!

# pfctl -T load -f /etc/pf.conf
pfctl: Cannot allocate memory

[...]

17006 pfctl CALL ioctl(0x3,_IOWR('D',0x4d,0x44),0xcfbfb630)
17006 pfctl RET ioctl -1 errno 12 Cannot allocate memory

[...]

Some of you are going to think that I should be running GENERIC, and I'd
love to, if it'd kindly stop crashing with "map entry" errors. Here's
the diff between GENERIC and BUSY:
===========================================================================
# diff GENERIC BUSY
33a34,36

# Greg's changes, stabbing blindly in the dark....
option MAX_KMAPENT=2000

You're getting an error from pfctl because PF kernel code
cannot allocate memory to reload your address list.

When reloading an address list from pf.conf, it temporarily
uses 2x the kernel memory required to store the table entries
(i.e. during the time pfctl does its job, both the old and new
tables use kernel memory).

But the real problem is that you reach some limits in your
kernel, very likely the same that makes your system crash
with the default MAX_KMAPENT. The real solution is
to find what is eating all these kernel resources.
"vmstat -m" output would help.

Now maybe you could succeed in reloading your table with
the command: "pfctl -t ban -Tr -f /etc/ban", because this
command is more optimized and will allocate less kernel
memory. It will run faster too.

Hope that helps, and let us know if you find something with
"vmstat -m" output. If it is PF that leaks kernel memory, we
need to fix that!
Cedric
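Replacing a single table only has to touch the entries that actually differ, which is one reason "pfctl -t ban -Tr" is lighter than reloading the whole ruleset. The Python script below is an added example, not from this thread or from pfctl itself: it makes that delta visible by comparing constructed "pfctl -t ban -T show" output with a constructed /etc/ban file and printing the equivalent "-T add" / "-T delete" commands (it does not run pfctl).

```python
import ipaddress
from typing import List, Tuple

# Constructed sample: what `pfctl -t ban -T show` prints (one entry per
# line, indented) and the contents of /etc/ban after it was edited.
CURRENT_TABLE = """\
   192.0.2.10
   192.0.2.11
   198.51.100.0/24
"""
BAN_FILE = """\
# hosts we refuse to talk to
192.0.2.10
192.0.2.12
198.51.100.0/24
203.0.113.0/25   # trailing comment
"""


def parse_entries(text: str) -> set:
    """Set of normalised networks from a table listing or a table file.
    Comments and blank lines are skipped; a bare host becomes /32 (or
    /128) so '192.0.2.10' and '192.0.2.10/32' compare equal."""
    entries = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            entries.add(ipaddress.ip_network(line, strict=False))
    return entries


def table_delta(current: str, wanted: str) -> Tuple[List[str], List[str]]:
    """Entries to add and to delete to turn `current` into `wanted`."""
    cur, new = parse_entries(current), parse_entries(wanted)
    return (sorted(str(n) for n in new - cur),
            sorted(str(n) for n in cur - new))


def pfctl_commands(table: str, to_add: List[str], to_delete: List[str]) -> List[str]:
    """The pfctl invocations that would apply the delta (not executed)."""
    cmds = []
    if to_delete:
        cmds.append(f"pfctl -t {table} -T delete " + " ".join(to_delete))
    if to_add:
        cmds.append(f"pfctl -t {table} -T add " + " ".join(to_add))
    return cmds


if __name__ == "__main__":
    add, delete = table_delta(CURRENT_TABLE, BAN_FILE)
    for cmd in pfctl_commands("ban", add, delete):
        print(cmd)
```

"pfctl -t ban -T replace -f /etc/ban" performs the same add/delete set in one atomic kernel operation; the script only shows how small that set usually is compared with rebuilding every table from pf.conf.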