pfctl: Cannot allocate memory and spamd-setup -bd

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

pfctl: Cannot allocate memory and spamd-setup -bd

Ruy Bento
Hi,

I have a server with:

OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
     [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 234MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 100233216 (95MB)
avail mem = 87961600 (83MB)


With sendmail and spamd in blacklist (/etc/rc.conf.local):

spamd_flags="-bv"       # for normal use: "" and see spamd(8)
spamd_black=YES         # set to YES to run spamd without greylisting
spamlogd_flags="-i rl0" # use eg. "-i interface" and see spamlogd(8)




/etc/mail/spamd.conf:

with        :china:korea:              it's ok

with        :uatraps:china:korea:  ->  pfctl: Cannot allocate memory.

or
             :nixspam::china:korea: ->  pfctl: Cannot allocate memory.

with the shell /usr/libexec/spamd-setup -bd


vmstat -m
_________________________________________________
....
pfrke_plain   92    19616    3     1175   429   394    35   168     0
   8    8

.....

In use 2275K, total allocated 3808K; utilization 59.7%
________________________________________________



pstat -s
Device      512-blocks     Used    Avail Capacity  Priority
swap_device     329980        0   329980     0%    0


In OpenBSD 4.6 the same hardware and config ... no problem.

I try several setups: Core2 Duo with 1 GB RAM (the same config) 4.6 and
4.7, works.

But ... 4.6 and 4.7 with 128MB, 4.7 give the same error: "pfctl: Cannot
allocate memory. "

So I change

     set limit tables 10000
     set limit table-entries 5000000

in pf.conf, but no luck.

My question is: In this small env. (100 MB - RAM) I need to change the
Kernel memory or other sysctl value, which one?

I work with OpenBSd for more 10 years Intel, AMD, PPC - Webhosting,
Servers, Firewalls.

Thank you for your great effort and work.

Best regards,
Ruy Benton

CPB
Reply | Threaded
Open this post in threaded view
|

Re: pfctl: Cannot allocate memory and spamd-setup -bd

CPB
Ruy Bento wrote:

> Hi,
>
> I have a server with:
>
> OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
>     [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 234MHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
> real mem  = 100233216 (95MB)
> avail mem = 87961600 (83MB)
>
>
> With sendmail and spamd in blacklist (/etc/rc.conf.local):
>
> spamd_flags="-bv"       # for normal use: "" and see spamd(8)
> spamd_black=YES         # set to YES to run spamd without greylisting
> spamlogd_flags="-i rl0" # use eg. "-i interface" and see spamlogd(8)
>
>
>
>
> /etc/mail/spamd.conf:
>
> with        :china:korea:              it's ok
>
> with        :uatraps:china:korea:  ->  pfctl: Cannot allocate memory.
>
> or
>             :nixspam::china:korea: ->  pfctl: Cannot allocate memory.
>
> with the shell /usr/libexec/spamd-setup -bd
>
>
> vmstat -m
> _________________________________________________
> ....
> pfrke_plain   92    19616    3     1175   429   394    35   168     0
>   8    8
>
> .....
>
> In use 2275K, total allocated 3808K; utilization 59.7%
> ________________________________________________
>
>
>
> pstat -s
> Device      512-blocks     Used    Avail Capacity  Priority
> swap_device     329980        0   329980     0%    0
>
>
> In OpenBSD 4.6 the same hardware and config ... no problem.
>
> I try several setups: Core2 Duo with 1 GB RAM (the same config) 4.6
> and 4.7, works.
>
> But ... 4.6 and 4.7 with 128MB, 4.7 give the same error: "pfctl:
> Cannot allocate memory. "
>
> So I change
>
>     set limit tables 10000
>     set limit table-entries 5000000
>
> in pf.conf, but no luck.
>
> My question is: In this small env. (100 MB - RAM) I need to change the
> Kernel memory or other sysctl value, which one?
>
> I work with OpenBSd for more 10 years Intel, AMD, PPC - Webhosting,
> Servers, Firewalls.
>
> Thank you for your great effort and work.
>
> Best regards,
> Ruy Benton
>
>
OK, I'm game to ask after seeing Theo's response. I actually have some
equipment like this, not that I use it this way, "normally".

So, change a setting or rewrite things to fit better in this small
memory space?
I was actually using that laptop to make some pretty extensive website
changes last year, while traveling with little internet access.
Filled those boring hours while I waked up hours before the "world" back
then. No regrets having brought that old thing with me! :)

Chris Bennett

Reply | Threaded
Open this post in threaded view
|

Re: pfctl: Cannot allocate memory and spamd-setup -bd

Theo de Raadt
In reply to this post by Ruy Bento
> avail mem = 87961600 (83MB)

> with        :uatraps:china:korea:  ->  pfctl: Cannot allocate memory.

Not enough kernel memory.

Reply | Threaded
Open this post in threaded view
|

Re: pfctl: Cannot allocate memory and spamd-setup -bd

Theo de Raadt
In reply to this post by CPB
> > OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
> >     [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
> > cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 234MHz
> > cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
> > real mem  = 100233216 (95MB)
> > avail mem = 87961600 (83MB)


> > pstat -s
> > Device      512-blocks     Used    Avail Capacity  Priority
> > swap_device     329980        0   329980     0%    0


> OK, I'm game to ask after seeing Theo's response. I actually have some
> equipment like this, not that I use it this way, "normally".

You're kidding.

> So, change a setting or rewrite things to fit better in this small
> memory space?

There is no solution.  The tables are in kernel memory.

The kernel isn't going to go out to swap space to check if packets
should flow through.  Would anyone want that?  No, of course not.

> I was actually using that laptop to make some pretty extensive website
> changes last year, while traveling with little internet access.
> Filled those boring hours while I waked up hours before the "world" back
> then. No regrets having brought that old thing with me! :)

Laptops tend to have more than 83MB of available memory.

CPB
Reply | Threaded
Open this post in threaded view
|

Re: pfctl: Cannot allocate memory and spamd-setup -bd

CPB
Theo de Raadt wrote:

>>> OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
>>>     [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
>>> cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 234MHz
>>> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
>>> real mem  = 100233216 (95MB)
>>> avail mem = 87961600 (83MB)
>>>      
>
>
>  
>>> pstat -s
>>> Device      512-blocks     Used    Avail Capacity  Priority
>>> swap_device     329980        0   329980     0%    0
>>>      
>
>
>  
>> OK, I'm game to ask after seeing Theo's response. I actually have some
>> equipment like this, not that I use it this way, "normally".
>>    
>
> You're kidding.
>
>  
>> So, change a setting or rewrite things to fit better in this small
>> memory space?
>>    
>
> There is no solution.  The tables are in kernel memory.
>
> The kernel isn't going to go out to swap space to check if packets
> should flow through.  Would anyone want that?  No, of course not.
>
>  
>> I was actually using that laptop to make some pretty extensive website
>> changes last year, while traveling with little internet access.
>> Filled those boring hours while I waked up hours before the "world" back
>> then. No regrets having brought that old thing with me! :)
>>    
>
> Laptops tend to have more than 83MB of available memory.
>
>
>  
No kidding, that sucker only has 128MB, after I added memory.
And I'm serious, I really did feel perfectly safe bringing it to parts
unknown, where the locals said I really shouldn't be carrying it around
in the streets.
I still have that antique, right here, working alongside a "real" computer.

But anyway, thanks for answering the question clearly

Chris Bennett

Reply | Threaded
Open this post in threaded view
|

Re: pfctl: Cannot allocate memory and spamd-setup -bd

Stuart Henderson
In reply to this post by Ruy Bento
On 2010-06-21, Ruy Bento <[hidden email]> wrote:
> spamd_black=YES         # set to YES to run spamd without greylisting

you don't want blacklist-only mode if you have limited RAM.

Reply | Threaded
Open this post in threaded view
|

Re: pfctl: Cannot allocate memory and spamd-setup -bd

Ruy Bento
In reply to this post by Ruy Bento
On 21-06-2010 22:44, Ruy Bento wrote:


...

>
> My question is: In this small env. (100 MB - RAM) I need to change the
> Kernel memory or other sysctl value, which one?
>

Thank you for all your replys and comments.

In 4.6 everything work perfect, so what happen 4.6 -> 4.7, it need more mem?

And if I can:
set limit table-entries 5000000


And with all daemons load in mem I have:

36 processes:  35 idle, 1 on processor
CPU states:  0.5% user,  0.0% nice,  0.0% system,  0.0% interrupt, 99.5%
idle
Memory: Real: 20M/45M act/tot  Free: 41M  Swap: 0K/161M used/tot

"What a perfect world ...."

So with 41MB free i could load more kernel ...



My other servers: Core 2, i5, i7 with lots of mem (4 or 8 GB).

This and the SUN its to test and see the OpenBSD continue to run happily
for ever :-) :-)


Thank you for your great effort and work.

Best regards,
Ruy Benton