Hello group, I'm trying to understand behavior of pf table entries allocation. I've ran out of table entries, which is by default limited to 200k, while trying to load a new ruleset. I've increased the limit to 1M, now it loads fine, but the usual amount of entries is only around 7k. The number increases greatly during loading new ruleset. I would expect it to increase twice because of duplication of eveything in the new ruleset, but this increase is way bigger.
while true; do vmstat -z | grep "pf table" ; sleep 0.1; done pf table entries: 216, 1000008, 7218, 195192, 1585524, 0, 0 pf table entries: 216, 1000008, 7218, 195192, 1585524, 0, 0 pf table entries: 216, 1000008, 7218, 195192, 1585524, 0, 0 pf table entries: 216, 1000008, 21495, 180915, 1599801, 0, 0 pf table entries: 216, 1000008, 36094, 166316, 1614400, 0, 0 pf table entries: 216, 1000008, 50292, 152118, 1628598, 0, 0 pf table entries: 216, 1000008, 64336, 138074, 1642642, 0, 0 pf table entries: 216, 1000008, 78684, 123726, 1656990, 0, 0 pf table entries: 216, 1000008, 93355, 109055, 1671661, 0, 0 pf table entries: 216, 1000008, 107742, 94668, 1686048, 0, 0 pf table entries: 216, 1000008, 122394, 80016, 1700700, 0, 0 pf table entries: 216, 1000008, 137159, 65251, 1715465, 0, 0 pf table entries: 216, 1000008, 151032, 51378, 1729338, 0, 0 pf table entries: 216, 1000008, 166269, 36141, 1744575, 0, 0 pf table entries: 216, 1000008, 180852, 21558, 1759158, 0, 0 pf table entries: 216, 1000008, 194970, 7440, 1773276, 0, 0 pf table entries: 216, 1000008, 198179, 4231, 1776485, 0, 0 pf table entries: 216, 1000008, 200954, 1456, 1779260, 0, 0 pf table entries: 216, 1000008, 7219, 195191, 1779260, 0, 0 pf table entries: 216, 1000008, 7219, 195191, 1779260, 0, 0 pf table entries: 216, 1000008, 7219, 195191, 1779260, 0, 0 -- | pozdrawiam / greetings | Powered by macOS, Debian and FreeBSD | | Kajetan Staszkiewicz | www: http://vegeta.tuxpowered.net | `------------------------^--------------------------------------'
OpenPGP_signature
Description: OpenPGP digital signature
