 From:  "Chris Buechler" <cbuechler at gmail dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] m0n0wall on ALIX kernel panicing and rebooting
 Date:  Wed, 10 Dec 2008 10:55:28 -0500
On Tue, Dec 9, 2008 at 3:40 PM, mtnbkr <waa dash m0n0wall at revpol dot com> wrote:
>
>
> Recent console log...
>
> --[snip]--
> ipf_nattable_max reduced to 27337

That's autotuning of ipf that attempts to prevent running out of
kernel memory, but...

> panic: kmem_malloc(4096): kmem_map too small: 36687872 total allocated

This means the system ran out of kernel memory, which leaves it no
choice but to panic. Not sure if this is caused by an ipfilter bug, or
if it should be expected with large state tables. You can increase the
kernel memory by adding:

vm.kmem_size_max="512M"
vm.kmem_size="512M"

to /boot/loader.conf. This should be doable by mounting and editing a
m0n0 image and may resolve this.

Might not be a bad idea to bump this by default. Setting this higher
than even the amount of RAM available doesn't seem to cause any
problems (pfSense has done so for quite a while to accommodate big
installs with large state tables and hundreds of CARP IPs, without any
negative effects on systems with much less RAM than is configured for
kmem).

-Chris
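
An added example, not part of the original message or of m0n0wall: a POSIX sh helper that writes the two tunables quoted above into a loader.conf file so that re-running it never leaves duplicate or conflicting entries. The function names are hypothetical, and the path passed in is assumed to be the loader.conf of an already mounted image.

```shell
#!/bin/sh
# Added example: idempotently set loader tunables in a loader.conf file,
# for instance the one inside a mounted firewall image (path is an assumption).

# set_loader_tunable FILE KEY VALUE
# Drops any active assignment of KEY (comment lines are kept), then appends
# KEY="VALUE", so repeated runs leave exactly one entry per key.
set_loader_tunable() {
    file=$1 key=$2 value=$3
    tmp="${file}.tmp.$$"
    [ -f "$file" ] || : > "$file"
    # Escape dots so "vm.kmem_size" is matched literally, not as a wildcard.
    pattern=$(printf '%s' "$key" | sed 's/\./\\./g')
    # grep -v exits 1 when no lines remain; that is not an error here.
    grep -v "^[[:space:]]*${pattern}[[:space:]]*=" "$file" > "$tmp" || true
    printf '%s="%s"\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

# apply_kmem_tunables FILE [SIZE]
# Applies the two settings from the message; SIZE defaults to 512M.
apply_kmem_tunables() {
    conf=$1 size=${2:-512M}
    set_loader_tunable "$conf" vm.kmem_size_max "$size"
    set_loader_tunable "$conf" vm.kmem_size "$size"
}

# get_loader_tunable FILE KEY
# Prints the effective (last) value of KEY with surrounding quotes removed.
get_loader_tunable() {
    pattern=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${pattern}[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}
```

After sourcing the file, call `apply_kmem_tunables` with the path to the image's loader.conf and confirm the result with `get_loader_tunable` before unmounting.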