[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] hash kernel memory VS. system kernel memory

To: SEAN_TARBOX@phl.com, fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] hash kernel memory VS. system kernel memory
From: Dameon Welch <dwelch@hotmail.com>
Date: Sun, 07 Nov 1999 01:59:44 PST



>SYMPTOM:
>I just upgraded from fw-1 V3 to V4 SP3, and I am getting an occasional 
>error on
>my console: "FW-1: h_getvals: fw_kmalloc (3400000) failed". [ On Solaris ]

The hash memory is not related to this. FireWall-1 simply uses that memory 
for tables. Not only that, but it seems to be only an upper limit on how 
much memory tables can use, not in how much memory FireWall-1 allocations. 
FireWall-1 does make use of kernel memory, i.e. the kind of memory that 
needs to be physically available when it is asked for. It uses this memory 
for lots of reasons, including making copies of tables.

This error says that FireWall-1 attempted to allocate a large chunk of 
memory and failed. In this case, it looks like it was trying to allocate 
52mb of kernel memory (assuming that's hex) or 3.4mb (if it's decimal). On 
IPSO, this is in hex. I don't know about other platforms. If seen 
occasionally, this error may not have any actual side effects. If seen 
constantly or when you attempt to load a policy, it can be an issue.

On the Nokia platform, there is a patch to resolve this issue. This patch 
simply increases the amount of memory the operating system tries to keep 
available in physical memory. Normally, this value is very low (only a few 
pages). For FireWall-1, this number should be at least 4 megabytes.

Obviously, this is a very OS-specific thing, so you'll probably have to 
search on SunSolve to see if there's some way to tweak this.

--
PhoneBoy (a.k.a Dameon D. Welch)       dwelch@phoneboy.com
PhoneBoy's FireWall-1 FAQs -- http://www.phoneboy.com/fw1/
The views expressed herein are not necessarily those of anyone else.

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Routing on firewalls
Next by Date: [FW1] Checkpoint VPN & Secure remote manual
Prev by thread: [FW1] hash kernel memory VS. system kernel memory
Next by thread: [FW1] Pings in log file
Index(es):
- Date
- Thread