Re: bin/55892 (npf cannot handle large tables)

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,technet%netdog.org@localhost
Subject: Re: bin/55892 (npf cannot handle large tables)
From: "Fredrik Pettai via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Thu, 12 Jun 2025 12:45:02 +0000 (UTC)

The following reply was made to PR bin/55892; it has been noted by GNATS.

From: Fredrik Pettai <pettai%sunet.se@localhost>
To: "gnats-bugs%netbsd.org@localhost" <gnats-bugs%NetBSD.org@localhost>
Cc: 
Subject: Re: bin/55892 (npf cannot handle large tables)
Date: Thu, 12 Jun 2025 14:43:22 +0200

 --Apple-Mail=_AD973DDA-9911-4C81-9231-F659562E0F25
 Content-Transfer-Encoding: quoted-printable
 Content-Type: text/plain;
 	charset=utf-8
 
 Regarding PR bin/55892 (npf cannot handle large tables)
 
 It=E2=80=99s also true for NetBSD 9.4 i386, and the list can be much =
 smaller to make npf / networking fail.
 My list was only 25k ip-addresses then npf never finished loading.
 (A shorter list, ~20k entries works fine=E2=80=A6)
 
 npf.conf:
 
 $wired_if =3D "vioif0"
 
 table <blacklist> type ipset file "/etc/npf_blacklist"
 
 alg "icmp"
 
 procedure "log" {
         # Note: npf_ext_log kernel module should be loaded, if not =
 built-in.
         # Also, the interface created, e.g.: ifconfig npflog0 create
         log: npflog0
 }
 
 group "wired" on $wired_if {
         block in final from <blacklist>
         pass stateful in final family inet4 proto icmp to $wired_if
         pass in final family inet6 proto ipv6-icmp to $wired_if
 	[=E2=80=A6]
 
 
 
 Re,
 /P
 
 --Apple-Mail=_AD973DDA-9911-4C81-9231-F659562E0F25
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename=signature.asc
 Content-Type: application/pgp-signature;
 	name=signature.asc
 Content-Description: Message signed with OpenPGP
 
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAEBCgAdFiEEgg5OFRpTcEdGGed61TYFTBam+AgFAmhKy2oACgkQ1TYFTBam
 +AhRgQ//QbWBxSWlfvoeEWqZEEqDaKn5j8tKqSPdT3UrrfEoM8SxklHU1WGzFvc2
 IN6lY2KkY1JrXsGREjmuWdGWk4bwPEN4fF1327xFnznPWt5TyOnRdKpyFDW+Xntj
 GfYAHhvxiMUmrfBJL4htuJAItBI3nakLZAnC7AuVF9gInNHPCZbVRZEMTg4foOsI
 WZnkUZvRo3fbIpdyIdUChm38HFmBdFe30jiQzeDqavTk5ySop3/n1dMm79iJnRON
 FMcJsOk3goPR1KPjAnQ4VXKTjk1BccYLqu+Jir69uzxjsskVLQiAM2303p4H83Kj
 TNN3Aar+FSKezmr1bVTPrOsuPzuaNUnJon6evAt+JQHxdpSw4XcovasBq5AxVE3+
 CpnyiSao5qedvN8Bdq3T4Ja3hXnJTDiM2I5k4Uj+ylpCY85DOgKSZyXTfy0V1RUU
 YWNhuOZMHCYJZSh/t6S5VVgUeDBeKYofUqxCN+XdNQe9USo4mKu7H5EqY/nh1rBn
 Qa4eWSiNERtpPA9zMz00Gs0VypwORF7rUyQZzEKDY5bWlvLq3+458kZ3hIfmnri7
 4p5gObyY9jjbopbl/0QYNaF7Y/EBUKJx5EA22jEs4xEkHZxHvkFlKVO0neSX1jRC
 JSwfsUpiDYLdFViL94J1miMEx953m+/VYXgMMPrTWyf0Tj84nD8=
 =Rbx8
 -----END PGP SIGNATURE-----
 
 --Apple-Mail=_AD973DDA-9911-4C81-9231-F659562E0F25--

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: Re: port-xen/58561 (panic: kernel diagnostic assertion "x86_read_psl() == 0" failed: file "/home/netbsd/10/src/sys/arch/x86/x86/pmap.c", line 3581)
Previous by Thread: Re: kern/59462 (libnv nvlist_get_number_array() broken on big endian 64bit)
Next by Thread: kern/59465: Recurring kernel panic with -current (10.99.14): "heart stopped beating"
Indexes:

Home | Main Index | Thread Index | Old Index