Hi there,

we have 2 OpenBSD boxes used as firewall/router with pf and carp to host some websites and applications for a students' and researchers' lab. Sometimes the boxes reboot because they reach the mbuf cluster limit. Unfortunately, not all the applications hosted in our lab always work correctly, so I'm wondering if there's any way to limit the mbuf clusters with a pf rule on a per-IP basis, so that if one application has a problem, it doesn't create problems for the whole network and doesn't make the firewall crash.

Thanks for your help!
Rick

Sample output of our netstat:

# netstat -m
134 mbufs in use:
        130 mbufs allocated to data
        1 mbuf allocated to packet headers
        3 mbufs allocated to socket names and addresses
131/6089/6144 mbuf clusters in use (current/peak/max)
6512 Kbytes allocated to network (4% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines