Close all pf transactions before opening a new one in DIOCGETRULES.
Processes like snmpd or systat open pf(4) once and then issue many
DIOCGETRULES calls over their runtime. This accumulates many pf_trans
structs over their lifetime. At some point the kernel runs out of
memory because of that. By closing all transactions before creating
a new one, long living processes do no longer leak transactions.
This probably needs further refinement once more transactions types are
added but for now this solves the problem.
Problem found by florian@
OK sashan@ kn@
projects / openbsd / commit