DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Installation and Upgrading

OpenBSD Installation and Upgrading Installing and upgrading OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 6th May 2017
thefronny thefronny is offline
Port Guard
 
Join Date: Oct 2008
Posts: 20
Default 6.1 and system resources

My home firewall had been using 5.9. It's an ancient i386 Compaq 966 with 512MB of memory. It used pf which itself queried a block table with over 170k entries. It all ran just fine.

Because it was now two releases behind I upgraded to 6.1. It works fine too but the system load (top) is now always a bit over 1, there's over 300MB of memory that is apparently never used, and pf fails at boot because the system can't allocate enough memory, I suppose for that block table. I flushed it and the table now has about 8 entries and browser response appears to be a bit quicker so I guess it's the parsing.

What has changed since 5.9? Is there a sysctl I can tune to get full memory utilization and maybe help the pf table to load? Or is it time to just dump the hardware for something more modern?

Thanks!
Reply With Quote
  #2   (View Single Post)  
Old 6th May 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,891
Default

Follow this thread: https://www.mail-archive.com/misc@op...msg153191.html
Reply With Quote
  #3   (View Single Post)  
Old 6th May 2017
thefronny thefronny is offline
Port Guard
 
Join Date: Oct 2008
Posts: 20
Default

Quote:
Originally Posted by jggimi View Post
Thank you for this!

s-a
Reply With Quote
  #4   (View Single Post)  
Old 6th May 2017
thefronny thefronny is offline
Port Guard
 
Join Date: Oct 2008
Posts: 20
Default

Quote:
Originally Posted by thefronny View Post
My home firewall had been using 5.9. It's an ancient i386 Compaq 966 with 512MB of memory. It used pf which itself queried a block table with over 170k entries. It all ran just fine.

Because it was now two releases behind I upgraded to 6.1. It works fine too but the system load (top) is now always a bit over 1, there's over 300MB of memory that is apparently never used, and pf fails at boot because the system can't allocate enough memory, I suppose for that block table. I flushed it and the table now has about 8 entries and browser response appears to be a bit quicker so I guess it's the parsing.

What has changed since 5.9? Is there a sysctl I can tune to get full memory utilization and maybe help the pf table to load? Or is it time to just dump the hardware for something more modern?

Thanks!
Just an update. Using pfctl I upped the table entries limit to 1M, then did pfctl -FT to flush all the tables (there is only one). Copied the original block list over the top of the current one and did pfctl -f /etc/pf.conf - and it failed. Again, and it failed. Again, and this time it took. Can't say why.

I did find an internet post saying that pf copies the "new" table data into memory before deleting the old data so, with both sets loading temporarily into memory, you could run up against the extant max. table entries limit, the default of which is 200000. That was my initial problem and I fixed it in pf.conf with:
set limit {states 1000000 table-entries 1000000}
in the Options section.

Thanks jggimi for the link on system load. OpenBSD changes more between upgrades than I was giving it credit for.

s-a
Reply With Quote
  #5   (View Single Post)  
Old 7th May 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,891
Default

Patch 005 for 6.1 was announced today, regarding PF source tracking resource management.

http://www.openbsd.org/errata61.html
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Math resources ephemera Off-Topic 16 3rd April 2009 12:06 PM
system resources gosha OpenBSD General 7 30th January 2009 12:01 AM
OpenBSD firewall resources J65nko OpenBSD Security 0 1st June 2008 02:28 AM
NetBSD firewall resources J65nko NetBSD Security 0 1st June 2008 02:27 AM
BSD firewall resources J65nko Guides 0 4th May 2008 11:05 PM


All times are GMT. The time now is 08:32 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick