Hi,
Dňa Sun, 21 Jul 2024 13:29:44 +0100 "Kerin Millar" <kfm@xxxxxxxxxxxxx>
napísal:
> #!/bin/sh
> set -e
> tmpfile1=
> tmpfile2=
> trap 'rm -f -- "$tmpfile1" "$tmpfile2"' EXIT
> tmpfile1=$(mktemp)
> tmpfile2=$(mktemp)
> cat > "$tmpfile1"
> {
> echo "delete element $* {"; sed 's/$/,/' "$tmpfile1"; echo "}"
> echo "add element $* {"; sed 's/$/,/' "$tmpfile1"; echo "}"
> } > "$tmpfile2"
> nft -f "$tmpfile2"
I play with that, i add one more "add" before "delete" and seems to
work, except after boot...
After boot the set is (obviously) empty, i try to fill it with something
as:
curl -s https://my_local_URL | ./nft-addset.sh inet fw4 myset | nft -f-
But that fail with::
/dev/stdin:1:1-2: Error: Could not process rule: Out of memory
add element inet fw4 myset {
^^
(The host has >6 GB of free RAM, the list has ~1700 items)
Initially i blame IP duplicates in downloaded list of IPs, but that was
unrelated to this error. When i remove the first "add" and "delete"
lines from script (thus just one "add"), it works. After initial fill it
works with all three commands (add+delete+add) on already filled set
and even when i flush that set, it still works. Only first fill (after
boot) ends with that error.
When i delete and create that set, i got "Out of memory" again, the set
is defined as::
table inet fw4 {
set myset {
type ipv4_addr
last counter
timeout 2d
}
}
I tried to add "size" into it, but that doesn't help.
I roughly remember, that i read something about some memory limit in
container (i am not in container), but i am not able to find that
again to check if that is problem.
Please, what can cause that initial fill error, how i can debug/solve
it?
regards
--
Slavko
https://www.slavino.sk
Attachment:
pgpC80xxzlUIV.pgp
Description: Digitálny podpis OpenPGP
