Subject: Re: Large ipf Rule Sets - Memory Usage and NetBSD 2.1_Stable
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: None <yancm@sdf.lonestar.org>
List: tech-net
Date: 03/29/2006 12:53:40
Hi Manuel,

Now that I am looking at the "temp" memory line from 'vmstat -m'
I see that 'ipf -F a' *does* indeed free up its memory and
*does* **not** occupy more upon reload.

Is there some way to force the "allocator to return it to the free
memory pool"? If it happens eventually, this is probably not an issue
at all.

Remaining issues are: per rule memory usage (I need to get Darren Reed
to comment on this) and behavior of ipf as it nears temp (kernel)
memory limit.

When I get a chance I will incrementally add rules and track temp
usage and availability with vmstat -m. I will send out results after
I do this. Since this usually crashes (or locks up, perhaps a better term)
my machine, I need to be there to reset it.

Thanks,
gene

> On Mon, Mar 27, 2006 at 07:07:12PM -0500, yancm@sdf.lonestar.org wrote:
>> >>
>> BTW: After I executed the ipf -D/ipf -E sequence, my rules
>> appeared to load but were apparently getting ignored?!?!?
>
> Did you try reloading the rules ?
>
>> [...]
>> Memory statistics by type                           Type  Kern
>>          Type  InUse MemUse HighUse  Limit Requests Limit Limit Size(s)
>>          temp 404425 149006K 149190K 236045K   433847    0     0
>> 16,32,64,128,256,512,1024,2048,4096,8192,32768,65536
>
> OK, your memory is there and it's really still allocated. I thought that
> maybe it had been freed by the subsystem, but the allocator didn't return
> it to the free memory pool yet.
>
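
The measurement plan in the message above (load rules incrementally and watch the "temp" line of `vmstat -m`) can be scripted so that loading stops before the kernel limit is reached. This is an added example, not part of the original thread; the function names, the headroom threshold and the idea of splitting the rule set into batch files are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Field order follows the quoted header:
#   Type InUse MemUse HighUse Limit Requests ...

# The "temp" line quoted in the thread, plus a constructed bucket-size line
# of the kind vmstat -m also prints for each type.
SAMPLE='temp  16,32,64,128
          Type  InUse MemUse HighUse  Limit Requests Limit Limit Size(s)
          temp 404425 149006K 149190K 236045K   433847    0     0'

# temp_stats: vmstat -m output on stdin -> "memuse_kb limit_kb" for temp.
# The K-suffix test skips the bucket-size line that also starts with "temp".
temp_stats() {
    awk '$1 == "temp" && $3 ~ /K$/ && $5 ~ /K$/ {
        sub(/K$/, "", $3); sub(/K$/, "", $5)
        print $3, $5
        exit
    }'
}

# headroom_pct MEMUSE_KB LIMIT_KB -> whole percent of the limit still free.
headroom_pct() { echo $(( ($2 - $1) * 100 / $2 )); }

# per_rule_bytes BEFORE_KB AFTER_KB RULES -> average bytes charged per rule.
per_rule_bytes() { echo $(( ($2 - $1) * 1024 / $3 )); }

# load_batches MIN_PCT FILE...: load rule files one at a time with ipf -f and
# stop while MIN_PCT of the temp limit is still free. Needs root; not called here.
load_batches() {
    min=$1; shift
    for f in "$@"; do
        stats=$(vmstat -m | temp_stats)
        [ -n "$stats" ] || return 1
        use=${stats% *}; lim=${stats#* }
        pct=$(headroom_pct "$use" "$lim")
        echo "before $f: ${use}K of ${lim}K used, ${pct}% free"
        if [ "$pct" -lt "$min" ]; then
            echo "stopping before $f: under ${min}% headroom" >&2
            return 1
        fi
        ipf -f "$f" || return 1
    done
}

# Offline check against the sample line.
set -- $(printf '%s\n' "$SAMPLE" | temp_stats)
echo "temp: $1K of $2K used, $(headroom_pct "$1" "$2")% free"
```

On the firewall host, `load_batches 20 batch1.conf batch2.conf` (hypothetical file names) would log usage before each batch and refuse to load further once less than 20% of the limit remains.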