On Tue, Dec 9, 2008 at 3:40 PM, mtnbkr <waa dash m0n0wall at revpol dot com> wrote:
> Recent console log...
> ipf_nattable_max reduced to 27337

That's autotuning of ipf that attempts to prevent running out of
kernel memory, but...

> panic: kmem_malloc(4096): kmem_map too small: 36687872 total allocated

This means the system ran out of kernel memory, which leaves it no
choice but to panic. Not sure if this is caused by an ipfilter bug, or
if it should be expected with large state tables. You can increase the
kernel memory by adding:
to /boot/loader.conf. This should be doable by mounting and editing a
m0n0 image and may resolve this.

Might not be a bad idea to bump this by default. Setting this higher
than even the amount of RAM available doesn't seem to cause any
problems (pfSense has done so for quite a while to accommodate big
installs with large state tables and hundreds of CARP IPs, without any
negative effects on systems with much less RAM than is configured for