Hi there,
We have 2 OpenBSD boxes used as firewall/router with pf and carp to host some
websites and applications for a students' and researchers' lab.
Sometimes the boxes reboot because they reach the mbuf cluster limit.
Unfortunately not all the applications hosted in our lab always work
correctly (and we cannot just put them offline), so I'm wondering if there's
any way to limit the mbuf clusters with a pf rule on a per-IP basis, so that if one
application has a problem, it doesn't create a problem for the whole network and
doesn't make the firewall crash.
Thanks for your help!
Rick

sample output of our netstat:
# netstat -m
134 mbufs in use:
        130 mbufs allocated to data
        1 mbuf allocated to packet headers
        3 mbufs allocated to socket names and addresses
131/6089/6144 mbuf clusters in use (current/peak/max)
6512 Kbytes allocated to network (4% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
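
Added example, not part of the original post: a shell check that parses the `netstat -m` output quoted above and flags when mbuf cluster usage approaches the max (in the sample, the peak of 6089 sits at 99% of the max of 6144). The function names, the status line format and the 80/95 percent thresholds are assumptions.

```shell
# Constructed sample: the netstat -m output quoted in the post above.
sample_netstat() {
cat <<'EOF'
134 mbufs in use:
        130 mbufs allocated to data
        1 mbuf allocated to packet headers
        3 mbufs allocated to socket names and addresses
131/6089/6144 mbuf clusters in use (current/peak/max)
6512 Kbytes allocated to network (4% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
EOF
}

# mbuf_check [warn_pct] [crit_pct]  (hypothetical helper; thresholds are assumptions)
# Reads netstat -m text on stdin and prints one status line.
# CRIT: current usage >= crit_pct or any request denied (exit 2)
# WARN: peak usage >= warn_pct or any request delayed (exit 1)
# OK:   otherwise (exit 0); UNKNOWN if the cluster line is missing (exit 3)
mbuf_check() {
    warn=${1:-80}; crit=${2:-95}
    awk -v warn="$warn" -v crit="$crit" '
    /mbuf clusters in use/ {
        n = split($1, f, "/")                  # current/peak/max
        if (n == 3 && f[3] > 0) { cur = f[1]; peak = f[2]; max = f[3]; found = 1 }
    }
    /requests for memory denied/  { denied = $1 }
    /requests for memory delayed/ { delayed = $1 }
    END {
        if (!found) { print "UNKNOWN no mbuf cluster line found"; exit 3 }
        cp = int(cur * 100 / max); pp = int(peak * 100 / max)
        st = "OK"; rc = 0
        if (pp >= warn || delayed > 0) { st = "WARN"; rc = 1 }
        if (cp >= crit || denied > 0)  { st = "CRIT"; rc = 2 }
        printf "%s current=%d peak=%d max=%d cur_pct=%d peak_pct=%d denied=%d delayed=%d\n", st, cur, peak, max, cp, pp, denied, delayed
        exit rc
    }'
}
```

On the firewall itself the input would come from `netstat -m | mbuf_check 80 95`, for example from cron, with the exit status driving the alert.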
