Hi tech@
I'm trying to add a log message when the pf(4) state table becomes
exhausted/full. After reading the code, I learned that it's using
pool_sethardlimit(9) to manage the resources.
Conveniently, pool_sethardlimit(9) takes the argument warnmess, which is
printed to the console when the limits are reached. Unfortunately, it
seems like this isn't true and I can't find anywhere in the source where
it actually does this.
The patch below adds this functionality, even if it's not really used
right now. It's being called from the following files:
/usr/src/sys/net/pf_ioctl.c
/usr/src/sys/net/pf_norm.c
/usr/src/sys/netinet/tcp_subr.c
/usr/src/sys/netinet/tcp_usrreq.c
And it seems like warnmess is NULL everywhere.
Index: kern/subr_pool.c
===================================================================
RCS file: /cvs/src/sys/kern/subr_pool.c,v
retrieving revision 1.234
diff -u -p -r1.234 subr_pool.c
--- kern/subr_pool.c 15 Jun 2021 05:24:46 -0000 1.234
+++ kern/subr_pool.c 21 Aug 2021 15:09:33 -0000
@@ -624,6 +624,14 @@ good:
fail:
pp->pr_nfail++;
pl_leave(pp, &pp->pr_lock);
+ if (pp->pr_hardlimit_warning != NULL &&
+ (pp->pr_hardlimit_ratecap.tv_sec == 0 ||
+ pp->pr_hardlimit_warning_last.tv_sec == 0 ||
+ getuptime() - pp->pr_hardlimit_warning_last.tv_sec >
+ pp->pr_hardlimit_ratecap.tv_sec)) {
+ printf("%s\n", pp->pr_hardlimit_warning);
+ pp->pr_hardlimit_warning_last.tv_sec = getuptime();
+ }
return (NULL);
}
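Review bot: the rate-limit test and the write to pp->pr_hardlimit_warning_last.tv_sec come after pl_leave(pp, &pp->pr_lock), so both run without the pool lock held. Two allocations failing at the same time on different CPUs can both pass the test and print, and the timestamp is updated unsynchronized. Consider deciding whether to warn while the lock is still held (set a local flag and update pr_hardlimit_warning_last before pl_leave), then calling printf after the lock is dropped, with a single getuptime() call stored in a local. Separately, the block sits at the fail: label, so it is worth confirming that every jump to fail: is a hard-limit hit; otherwise the warning will also be printed for unrelated allocation failures.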