HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Technical (http://www.howtoforge.com/forums/forumdisplay.php?f=8)
-   -   Vmalloc increase size. Centos 6.3 32 bits. (http://www.howtoforge.com/forums/showthread.php?t=62006)

r4faga 28th May 2013 18:20

Vmalloc increase size. Centos 6.3 32 bits.
 
Hello, i need to increase size of my vmalloc, because when i drop a range of ips to iptables, after a few seconds I get "iptables: Memory allocation problem." and the error log shows "kernel: vmap allocation for size 6352896 failed: use vmalloc = <size> to Increase size." I put in the grub boot "kopt = root = UUID = 1029384-7e40-9968-7a8b9e78f9g7s FFD2-ro vmalloc = 256M" but after rebooting the server, this one did not take the new size and still shows 120M. I appreciate the help.

I have centos 6.3 32 bit with 4 gigs of ram and ispconfig 3.5.


Here is vmalloc show me 120M, when my server starts.

May 28 10:40:17 xxxx kernel: Memory: 3993300k/5242880k available (4368k kernel code, 189236k reserved, 2440k data, 508k init, 3277064k highmem)
May 28 10:40:17 xxxx kernel: virtual kernel memory layout:
May 28 10:40:17 xxxx kernel: fixmap : 0xffad5000 - 0xfffff000 (5288 kB)
May 28 10:40:17 xxxx kernel: pkmap : 0xff600000 - 0xff800000 (2048 kB)
May 28 10:40:17 xxxx kernel: vmalloc : 0xf7dfe000 - 0xff5fe000 ( 120 MB)
May 28 10:40:17 xxxx kernel: lowmem : 0xc0000000 - 0xf75fe000 ( 885 MB)
May 28 10:40:17 xxxx kernel: .init : 0xc0aa7000 - 0xc0b26000 ( 508 kB)
May 28 10:40:17 xxxx kernel: .data : 0xc08443c3 - 0xc0aa64e8 (2440 kB)
May 28 10:40:17 xxxx kernel: .text : 0xc0400000 - 0xc08443c3 (4368 kB)

This is msg error.

vmap allocation for size 6303744 failed: use vmalloc=<size> to increase size.

And this is my meminfo.

[root@xxxx ~]# cat /proc/meminfo
MemTotal: 4009540 kB
MemFree: 3119376 kB
Buffers: 43320 kB
Cached: 292284 kB
SwapCached: 0 kB
Active: 605724 kB
Inactive: 143364 kB
Active(anon): 413640 kB
Inactive(anon): 1360 kB
Active(file): 192084 kB
Inactive(file): 142004 kB
Unevictable: 0 kB
Mlocked: 0 kB
HighTotal: 3277064 kB
HighFree: 2512364 kB
LowTotal: 732476 kB
LowFree: 607012 kB
SwapTotal: 4145144 kB
SwapFree: 4145144 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 413480 kB
Mapped: 40628 kB
Shmem: 1528 kB
Slab: 55764 kB
SReclaimable: 41004 kB
SUnreclaim: 14760 kB
KernelStack: 1976 kB
PageTables: 5688 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 6149912 kB
Committed_AS: 821068 kB
VmallocTotal: 122880 kB
VmallocUsed: 54656 kB
VmallocChunk: 51988 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
DirectMap4k: 10232 kB
DirectMap2M: 897024 kB


Thanks for you help.

monkfish 29th May 2013 00:17

Can't say for vmalloc but not sure it will address your issue if you have large iptables rulesets.

Are you doing something like blocking large netranges, eg countries with individual rulesets? Checkout ipset instead which will give you better perfomance, consolidation of rulesets and may well solve your vmalloc problem.

r4faga 29th May 2013 00:40

Yes men, im blocking large net ranges, like china, rusia and others, ip by ip with my scrip. it works fine, but from one day to another began to come out this error. that's the weird thing. now I'll see ipset, but if you know how to change the size of vmalloc I appreciate. I did what they say to change it but it does not change. Thanks men for yout time.

monkfish 29th May 2013 01:03

Same, same - cn, kr, pk, af and others blocked on some of mine.

Have a read of this - I think i adapted scripts from there. You may not need to install ipset using the commands there - its in the base repository for centos so a simple "yum install ipset" will do, and get dependency as well.

You can consolidate those huge country lists you have right the way down!!

http://www.ipdeny.com/blog/blocking-...ipset-utility/

Also for modelling your firewall look at firewall builder www.fwbuilder.org - its excellent.

sorry cannot immediately help you on vmalloc - somebody else will, no doubt

happy blocking !

r4faga 29th May 2013 16:59

:-) thanks i use ipset and works fine. Is better. Thanks for your time.


All times are GMT +2. The time now is 20:36.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.