Get a Quote (408) 943-4100

Commercial Support

TrueNAS.com Software Systems Company Community Security iX Portal Download

Docs Navigation

TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Help Me Choose FreeNAS

Systems Overview M-Series X-Series R-Series Mini Series

Blog In the News TrueNAS Store iXsystems Careers

TrueNAS GitHub Community Forum Discord TrueNAS Merch Store

Application Asigra TrueNAS Solution Backup Big Data Cloud Multimedia Virtualization

Industry Education Finance Government Healthcare High-Tech Media & Entertainment

Support Documentation TrueNAS Security Blog Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS

Download TrueNAS CORE

Download TrueNAS SCALE

Get TrueNAS Enterprise

FreeBSD pfctl

OS

FreeBSD-EN-20:04.pfctl} : Missing pfctl(8) tunable

2020-03-19

Versions Affected : All verisons prior to FreeNAS 11.3-U2

Description

pf(4) ioctls frequently take a variable number of elements as argument. This can potentially allow users to request very large allocations.

A failing non-blocking pf(4) allocation can tie up resources resulting in concurrent blocking allocations entering vm_wait() and inducing reclamation of caches. The kernel will reject very large tables to avoid resource exhaustion attacks. Some users run into this limit with legitimate table configurations.

Workaround

No workaround is available, however systems that do not employ pf(4) nor use pf(4) table definitions larger than 65535 entries are unaffected.

Mitigation

Upgrade to FreeNAS 11.3-U2 or later.

Commit

FreeBSD Revision : r359135
FreeNAS Commit : 906dacf [If exists] + JIRA Ticket : NAS-105479](https://jira.ixsystems.com/browse/NAS-105479)

Further information

FreeBSD Errata Entry