On Tue, Dec 9, 2008 at 3:40 PM, mtnbkr <waa dash m0n0wall at revpol dot com> wrote:
>
>
> Recent console log...
>
> --[snip]--
> ipf_nattable_max reduced to 27337

That's autotuning of ipf that attempts to prevent running out of kernel memory, but...

> panic: kmem_malloc(4096): kmem_map too small: 36687872 total allocated

This means the system ran out of kernel memory, which leaves it no choice but to panic. Not sure if this is caused by an ipfilter bug, or if it should be expected with large state tables. You can increase the kernel memory by adding:

vm.kmem_size_max="512M"
vm.kmem_size="512M"

to /boot/loader.conf. This should be doable by mounting and editing a m0n0 image and may resolve this. Might not be a bad idea to bump this by default. Setting this higher than even the amount of RAM available doesn't seem to cause any problems (pfSense has done so for quite a while to accommodate big installs with large state tables and hundreds of CARP IPs, without any negative effects on systems with much less RAM than is configured for kmem).

-Chris