Re: pfctl: Cannot allocate memory

Greg Wooledge Tue, 09 Mar 2004 16:02:22 -0800

Cedric Berger ([EMAIL PROTECTED]) wrote:

> Here is the problem I think: 40MB of kernel memory for routing table 
> entries...
> It might be PF table stuff..., not sure yet.
> 
> Do you reload your "ban" table very often?


Whenever I notice a new IP address that needs my attention.  Unfortunately
this can often be several times in an evening.

> Do you you have a big routing table, or IPSec table?

I don't use IPSec.  The routing table grows automatically without my
attention, and I rarely look at it.  I'm just running a simple little NAT
box that also happens to be a P2P search node, web server, DNS server,
mail server, etc.

At the time I sent my last e-mail, the box had been up approximately
two weeks, so I figured I'd upgrade CVS before rebooting it.  I did
that, and now my 3.5-beta -current box has been up 22 hours.
"netstat -rn | wc" shows 79 lines.  Here's the top section (before the
IPv6 stuff, which I don't use, as far as I know).

=======================================================================
Internet:
Destination        Gateway            Flags     Refs     Use    Mtu  Interface
default            209.142.155.254    UGS       470  4603644   1492   tun0
12.169.2.37        209.142.155.254    UGHD        0  4600038   1492 L tun0
24.57.88.139       209.142.155.254    UGHD        1  4603283   1492 L tun0
24.204.73.174      209.142.155.254    UGHD        0  4602201   1492 L tun0
62.34.2.173        209.142.155.254    UGHD        1  4575857   1492 L tun0
62.49.7.13         209.142.155.254    UGHD        1  4586241   1492 L tun0
62.174.241.107     209.142.155.254    UGHD        1  4595161   1492 L tun0
62.234.101.184     209.142.155.254    UGHD        1  4594391   1492 L tun0
66.127.219.96      209.142.155.254    UGHD        0  4576111   1492 L tun0
67.68.146.35       209.142.155.254    UGHD        0  4588130   1492 L tun0
67.83.57.90        209.142.155.254    UGHD        1  4568565   1492 L tun0
68.111.105.34      209.142.155.254    UGHD        1  4602356   1492 L tun0
69.157.144.35      209.142.155.254    UGHD        1  4600227   1492 L tun0
80.37.133.135      209.142.155.254    UGHD        1  4586106   1492 L tun0
80.53.98.82        209.142.155.254    UGHD        2  4577373   1492 L tun0
80.218.93.112      209.142.155.254    UGHD        2  4588722   1492 L tun0
81.131.249.79      209.142.155.254    UGHD        1  4590363   1492 L tun0
81.204.8.47        209.142.155.254    UGHD        1  4601940   1492 L tun0
83.117.42.105      209.142.155.254    UGHD        0  4568129   1492 L tun0
83.117.114.175     209.142.155.254    UGHD        1  4602150   1492 L tun0
127/8              127.0.0.1          UGRS        0        0  33224   lo0
127.0.0.1          127.0.0.1          UH          8    37799  33224   lo0
129.81.189.207     209.142.155.254    UGHD        1  4596125   1492 L tun0
129.93.193.216     209.142.155.254    UGHD        0  4587780   1492 L tun0
134.197.63.131     209.142.155.254    UGHD        1  4600673   1492 L tun0
153.91.164.158     209.142.155.254    UGHD        1  4593471   1492 L tun0
192.168.2/24       link#1             UC          3        0      -   dc0
192.168.2.1        127.0.0.1          UGHS        0     1860  33224   lo0
192.168.2.2        0:20:78:1e:e9:bf   UHLc        0     5363      -   dc0
192.168.2.5        0:4:75:e6:56:22    UHLc        7   395126      -   dc0
192.168.2.22       0:c:6e:e7:52:44    UHLc        3    31258      -   dc0
193.77.154.39      209.142.155.254    UGHD        1  4600532   1492 L tun0
199.74.89.61       209.142.155.254    UGHD        1  4587786   1492 L tun0
200.39.198.58      209.142.155.254    UGHD        0  4588880   1492 L tun0
200.77.160.227     209.142.155.254    UGHD        1  4600106   1492 L tun0
200.95.6.184       209.142.155.254    UGHD        0  4598104   1492 L tun0
200.225.247.87     209.142.155.254    UGHD        0  4569783   1492 L tun0
203.173.21.196     209.142.155.254    UGHD        1  4598989   1492 L tun0
209.142.155.254    209.142.155.49     UH         35        0   1492   tun0
213.46.82.94       209.142.155.254    UGHD        0  4579892   1492 L tun0
213.98.18.48       209.142.155.254    UGHD        1  4585547   1492 L tun0
216.165.50.243     209.142.155.254    UGHD        1  4587643   1492 L tun0
216.178.93.164     209.142.155.254    UGHD        1  4583765   1492 L tun0
224/4              127.0.0.1          URS         0        0  33224   lo0
=======================================================================

Apart from 192.168.2.* which is obviously my LAN, and 209.142.155.254
which is the other end of my DSL pppoe connection, and the
loopback/multicast addresses, I have no idea what the others are.
I assume they were placed there after someone connected to me from that
address, or someone on my LAN surfed to a web site, etc.

Just picking one at random: 199.74.89.61 is
dhcp089061.res-hall.northwestern.edu, and is currently connected to my
OpenFT port.

If the routing table really does grow every time some spammer or P2P
user connects to me from the Internet, and never gets pruned, then
this resembles a denial of service attack. :-/  But I have a hard time
believing I'd be the only person seeing such a problem.

-- 
Greg Wooledge                  |   "Truth belongs to everybody."
[EMAIL PROTECTED]              |    - The Red Hot Chili Peppers
http://wooledge.org/~greg/     |

signature.asc
Description: Digital signature

Re: pfctl: Cannot allocate memory

Reply via email to