Hello, i need to increase size of my vmalloc, because when i drop a range of ips to iptables, after a few seconds I get "iptables: Memory allocation problem." and the error log shows "kernel: vmap allocation for size 6352896 failed: use vmalloc = <size> to Increase size." I put in the grub boot "kopt = root = UUID = 1029384-7e40-9968-7a8b9e78f9g7s FFD2-ro vmalloc = 256M" but after rebooting the server, this one did not take the new size and still shows 120M. I appreciate the help. I have centos 6.3 32 bit with 4 gigs of ram and ispconfig 3.5. Here is vmalloc show me 120M, when my server starts. May 28 10:40:17 xxxx kernel: Memory: 3993300k/5242880k available (4368k kernel code, 189236k reserved, 2440k data, 508k init, 3277064k highmem) May 28 10:40:17 xxxx kernel: virtual kernel memory layout: May 28 10:40:17 xxxx kernel: fixmap : 0xffad5000 - 0xfffff000 (5288 kB) May 28 10:40:17 xxxx kernel: pkmap : 0xff600000 - 0xff800000 (2048 kB) May 28 10:40:17 xxxx kernel: vmalloc : 0xf7dfe000 - 0xff5fe000 ( 120 MB) May 28 10:40:17 xxxx kernel: lowmem : 0xc0000000 - 0xf75fe000 ( 885 MB) May 28 10:40:17 xxxx kernel: .init : 0xc0aa7000 - 0xc0b26000 ( 508 kB) May 28 10:40:17 xxxx kernel: .data : 0xc08443c3 - 0xc0aa64e8 (2440 kB) May 28 10:40:17 xxxx kernel: .text : 0xc0400000 - 0xc08443c3 (4368 kB) This is msg error. vmap allocation for size 6303744 failed: use vmalloc=<size> to increase size. And this is my meminfo. [root@xxxx ~]# cat /proc/meminfo MemTotal: 4009540 kB MemFree: 3119376 kB Buffers: 43320 kB Cached: 292284 kB SwapCached: 0 kB Active: 605724 kB Inactive: 143364 kB Active(anon): 413640 kB Inactive(anon): 1360 kB Active(file): 192084 kB Inactive(file): 142004 kB Unevictable: 0 kB Mlocked: 0 kB HighTotal: 3277064 kB HighFree: 2512364 kB LowTotal: 732476 kB LowFree: 607012 kB SwapTotal: 4145144 kB SwapFree: 4145144 kB Dirty: 0 kB Writeback: 0 kB AnonPages: 413480 kB Mapped: 40628 kB Shmem: 1528 kB Slab: 55764 kB SReclaimable: 41004 kB SUnreclaim: 14760 kB KernelStack: 1976 kB PageTables: 5688 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB CommitLimit: 6149912 kB Committed_AS: 821068 kB VmallocTotal: 122880 kB VmallocUsed: 54656 kB VmallocChunk: 51988 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB DirectMap4k: 10232 kB DirectMap2M: 897024 kB Thanks for you help.
Can't say for vmalloc but not sure it will address your issue if you have large iptables rulesets. Are you doing something like blocking large netranges, eg countries with individual rulesets? Checkout ipset instead which will give you better perfomance, consolidation of rulesets and may well solve your vmalloc problem.
Yes men, im blocking large net ranges, like china, rusia and others, ip by ip with my scrip. it works fine, but from one day to another began to come out this error. that's the weird thing. now I'll see ipset, but if you know how to change the size of vmalloc I appreciate. I did what they say to change it but it does not change. Thanks men for yout time.
Same, same - cn, kr, pk, af and others blocked on some of mine. Have a read of this - I think i adapted scripts from there. You may not need to install ipset using the commands there - its in the base repository for centos so a simple "yum install ipset" will do, and get dependency as well. You can consolidate those huge country lists you have right the way down!! http://www.ipdeny.com/blog/blocking-country-ip-tables-using-our-data-blocks-and-ipset-utility/ Also for modelling your firewall look at firewall builder www.fwbuilder.org - its excellent. sorry cannot immediately help you on vmalloc - somebody else will, no doubt happy blocking !
