Vmalloc increase size. Centos 6.3 32 bits.

Discussion in 'Technical' started by r4faga, May 28, 2013.

  1. r4faga

    r4faga Member

    Hello, I need to increase the size of my vmalloc, because when I drop a range of IPs in iptables, after a few seconds I get "iptables: Memory allocation problem." and the error log shows "kernel: vmap allocation for size 6352896 failed: use vmalloc = <size> to Increase size." I put in the grub boot "kopt = root = UUID = 1029384-7e40-9968-7a8b9e78f9g7s FFD2-ro vmalloc = 256M" but after rebooting the server, it did not take the new size and still shows 120M. I appreciate the help.

    I have CentOS 6.3 32 bit with 4 gigs of RAM and ISPConfig 3.5.

    Here vmalloc shows me 120M when my server starts.

    May 28 10:40:17 xxxx kernel: Memory: 3993300k/5242880k available (4368k kernel code, 189236k reserved, 2440k data, 508k init, 3277064k highmem)
    May 28 10:40:17 xxxx kernel: virtual kernel memory layout:
    May 28 10:40:17 xxxx kernel: fixmap : 0xffad5000 - 0xfffff000 (5288 kB)
    May 28 10:40:17 xxxx kernel: pkmap : 0xff600000 - 0xff800000 (2048 kB)
    May 28 10:40:17 xxxx kernel: vmalloc : 0xf7dfe000 - 0xff5fe000 ( 120 MB)
    May 28 10:40:17 xxxx kernel: lowmem : 0xc0000000 - 0xf75fe000 ( 885 MB)
    May 28 10:40:17 xxxx kernel: .init : 0xc0aa7000 - 0xc0b26000 ( 508 kB)
    May 28 10:40:17 xxxx kernel: .data : 0xc08443c3 - 0xc0aa64e8 (2440 kB)
    May 28 10:40:17 xxxx kernel: .text : 0xc0400000 - 0xc08443c3 (4368 kB)

    This is the error message.

    vmap allocation for size 6303744 failed: use vmalloc=<size> to increase size.

    And this is my meminfo.

    [[email protected] ~]# cat /proc/meminfo
    MemTotal: 4009540 kB
    MemFree: 3119376 kB
    Buffers: 43320 kB
    Cached: 292284 kB
    SwapCached: 0 kB
    Active: 605724 kB
    Inactive: 143364 kB
    Active(anon): 413640 kB
    Inactive(anon): 1360 kB
    Active(file): 192084 kB
    Inactive(file): 142004 kB
    Unevictable: 0 kB
    Mlocked: 0 kB
    HighTotal: 3277064 kB
    HighFree: 2512364 kB
    LowTotal: 732476 kB
    LowFree: 607012 kB
    SwapTotal: 4145144 kB
    SwapFree: 4145144 kB
    Dirty: 0 kB
    Writeback: 0 kB
    AnonPages: 413480 kB
    Mapped: 40628 kB
    Shmem: 1528 kB
    Slab: 55764 kB
    SReclaimable: 41004 kB
    SUnreclaim: 14760 kB
    KernelStack: 1976 kB
    PageTables: 5688 kB
    NFS_Unstable: 0 kB
    Bounce: 0 kB
    WritebackTmp: 0 kB
    CommitLimit: 6149912 kB
    Committed_AS: 821068 kB
    VmallocTotal: 122880 kB
    VmallocUsed: 54656 kB
    VmallocChunk: 51988 kB
    HugePages_Total: 0
    HugePages_Free: 0
    HugePages_Rsvd: 0
    HugePages_Surp: 0
    Hugepagesize: 2048 kB
    DirectMap4k: 10232 kB
    DirectMap2M: 897024 kB

    Thanks for your help.
  2. monkfish

    monkfish New Member

    Can't say for vmalloc but not sure it will address your issue if you have large iptables rulesets.

    Are you doing something like blocking large net ranges, e.g. countries with individual rulesets? Check out ipset instead, which will give you better performance, consolidation of rulesets and may well solve your vmalloc problem.
  3. r4faga

    r4faga Member

    Yes man, I'm blocking large net ranges, like China, Russia and others, IP by IP with my script. It works fine, but from one day to another this error began to come out. That's the weird thing. Now I'll look at ipset, but if you know how to change the size of vmalloc I'd appreciate it. I did what they say to change it but it does not change. Thanks man for your time.
  4. monkfish

    monkfish New Member

    Same, same - cn, kr, pk, af and others blocked on some of mine.

    Have a read of this - I think I adapted scripts from there. You may not need to install ipset using the commands there - it's in the base repository for CentOS so a simple "yum install ipset" will do, and get dependency as well.

    You can consolidate those huge country lists you have right the way down!!


    Also for modelling your firewall look at Firewall Builder www.fwbuilder.org - it's excellent.

    Sorry, I cannot immediately help you on vmalloc - somebody else will, no doubt.

    Happy blocking!
  5. r4faga

    r4faga Member

    :) Thanks, I use ipset and it works fine. It's better. Thanks for your time.
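
The consolidation discussed in this thread, as an added example that is not from any poster's script: it merges a per-IP/per-range list into the fewest CIDR blocks and emits input for `ipset restore`, so a single iptables rule replaces thousands of individual ones. The set name `blocklist` and the sample ranges are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: one address or CIDR range per line, as a per-IP
# blocking script might hold them (documentation ranges, not real country data).
SAMPLE_RANGES = """\
# sample list
198.51.100.0/25
198.51.100.128/25
203.0.113.7
203.0.113.6
192.0.2.0/24
192.0.2.64/26
not-an-address
"""

def parse_ranges(text):
    """Return (networks, rejected_lines); blank lines and # comments are skipped."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 10.1.2.3/8
            nets.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            rejected.append(line)   # malformed or non-IPv4 entry
    return nets, rejected

def build_restore(text, set_name="blocklist"):
    """Collapse the ranges and return (ipset restore script, rejected lines)."""
    nets, rejected = parse_ranges(text)
    # Adjacent and overlapping networks are merged into the fewest CIDR blocks
    merged = list(ipaddress.collapse_addresses(nets))
    # Leave headroom above the merged count; 65536 is ipset's default maxelem
    maxelem = max(65536, 2 * len(merged))
    lines = [f"create {set_name} hash:net family inet maxelem {maxelem}"]
    lines += [f"add {set_name} {n}" for n in merged]
    return "\n".join(lines) + "\n", rejected

if __name__ == "__main__":
    script, bad = build_restore(SAMPLE_RANGES)
    print(script, end="")          # load with: ipset restore < file
    for entry in bad:
        print(f"# skipped invalid entry: {entry}")
    # One rule then replaces every per-address rule:
    #   iptables -I INPUT -m set --match-set blocklist src -j DROP
```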
