Re: Memory problem

[Filip Sneppe <filip.sneppe@cronos.be>]

On Thu, 2003-07-03 at 11:53, Cilliè Burger wrote:
> Hi Everyone
> 
> I was wondering if anyone has a solution to this problem.
> 
> I have a the following box that sits between our router and switch:
> 
> Pentium 200, 64 Mbyte RAM, Linux version 2.4.18-3 
> (bhcompile@stripples.devel.redhat.com)
> (gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-110)), iptables v1.2.5
> 
> I almost never reboot this box, but lately I have noticed a dramatic 
> increase in memory consumption.
> 
> I start out on bootup with about 40 MB or so free and in a weeks time 
> its down to about 800KB.
> When iptables is restarted and the rules flushed and reloaded I reclaim 
> about 6024 KB, which then gradually
> decreases back to about a meg in a 16 hour period.
> 
...
> 
> Why does iptables consume so much memory ?
> Why does iptables appear to loose so much memory ? When regarding this 
> question, consider the following:
> 
> On reboot and before loading of rules there is about 40 MB free ram. 
> After loading the rules, and about two weeks uptime
> there is about 800KB of free memory. After flushing the rules, theres 
> only 6024 KB free.
> Is there a slight possibility that this may be due to a memory leak of 
> some sort ?
> 
> Thanks in advance for your help. Keep up the good work Netfilter .
> 

Hi Cilliè,

I understand your concerns about memory consumption, but there is
no information in your mail showing that the memory used by the
firewall is in fact used by connection tracking or any other netfilter
kernel structures. 

In fact, many Linux admins will tell you that any Linux box that has
free memory after system boot will end up using all available memory
after a little while: that memory is simply used for buffering and
caching filesystem operations.

So in order to get an idea about your box' memory consumption, send us
the output of:

cat /proc/meminfo
cat /proc/slabinfo
wc -l /proc/net/ip_conntrack

Regards,
Filip