Memory leak problem

Memory leak problem

[Jean Cantarutti]

[-- Attachment #1: Type: text/html, Size: 745 bytes --]

Re: Memory leak problem

[Anders Fugmann]

Jean Cantarutti wrote:
> Hi, im using iptables 1.2.5 on a HP machine working like firewall, it 
> has 512 MB of RAM and every 30 seconds eats 6 kb of RAM, in 48 hours 
> only left 8300 kb of available RAM.
Do remember that unused ram is used for disc cache and buffers, so 
watching top does not give nessesarly an accurate picture of how ram is 
used.

Could you please describe why you think that iptabels/netfilter has a 
memory leak? Also printouts og memory usage would help us understand 
what is happening.

Btw. What kernel are you using?


Regards
Anders Fugmann

Re: Memory leak problem

[Antony Stone]

On Friday 27 September 2002 4:03 pm, Jean Cantarutti wrote:

> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
> <HTML>
> <HEAD>
> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">
> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
> <TITLE>Memory leak problem</TITLE>
> </HEAD>
> <BODY>
>
> <P><FONT SIZE=2 FACE="Arial">Hi, im using iptables 1.2.5 on a HP machine
> working like firewall, it has 512 MB of RAM and every 30 seconds eats 6 kb
> of RAM, in 48 hours only left 8300 kb of available RAM.</FONT></P>

Please:

1. Do not post html to this mailing list.
2. Tell us the volume of traffic you have going through your firewall.
3. Tell us the number of simultaneous connections you have through your 
firewall.
4. Tell us if you get any messages from netfilter in your syslog.
5. Give us an idea of what protocols you're handling, and what your ruleset 
is.
6. Let us know if you have any other services or applications running on your 
firewall.

Antony.

-- 

If you want to be happy for an hour, get drunk.
If you want to be happy for a year, get married.
If you want to be happy for a lifetime, get a garden.

Re: Memory leak problem

[Anthony Liu]

On Fri, 27 Sep 2002 11:03:32 -0400 Jean Cantarutti <jcantarutti@subtel.cl> wrote:

> Memory leak problem
> 
> Hi, im using iptables 1.2.5 on a HP machine working like firewall, it has 512 MB of RAM and every 30 seconds eats 6 kb of RAM, in 48 hours only left 8300 kb of available RAM.
> 
> I need help.

Are you sure it was leaking memory? Each tracked connection use up some kernel memory.
http://www.netfilter.org/documentation/FAQ/netfilter-faq.html#toc3.6

Ignore "available" RAM, the system will take as much "available" RAM for various cache buffers,
the system will release it back from the cache buffers when needed.  If the memory pressure still
increase, the system will start to swap some other process out.  Unless you are seeing out-of-memory
situation in the syslog, it should not be a problem.  BTW, how many clients is the firewall serving?

RE: Memory leak problem

[Jean Cantarutti]

[-- Attachment #1: Type: text/html, Size: 2961 bytes --]

RE: Memory leak problem

[Jean Cantarutti]

[-- Attachment #1: Type: text/html, Size: 2815 bytes --]

Re: Memory leak problem

[Anders Fugmann]

Jean Cantarutti wrote:
> Netfilter is the only proccess running in that machine (I think).
> kernel version: 2.4.18-3
> gcc version: 2.96
> Red Hat Linux 7.3 2.96-110
> 
Please repeat how you observe the leak, and what tools you are using in 
order to do so. Also give some printouts from the system, in order for 
us to verify the leak.

Regards
Anders Fugmann

Memory leak problem

[Pito Breizh]

Hello,

I've got a problem of memory leak with iptables. I'm using iptables
1.2.7a. I've linked libiptc.a and iptables.o with my application.

I'm setting up some NAT rules by using do_command and iptc_commit
functions.

I've seen a mail on netfilter-devel list (dated of 2 september) dealing
with this problems. Here is this mail :

>You expect the iptables source components to be more than a short->running 
>one-shot application; you expect them to be usable in a library in a 
>longer-running process. That expectation is wrong, the current userlevel 
>iptables source was not designed with that goal in mind.

>This is currently tackled by some developers (not me), who are working
>on an all-new userlevel and user/kernel interface that _is_ designed
>to support efficient use from many different userlevel applications.

>However, as far as I know, this reimplementation is currently not
>in a form that you may use.

>best regards
>  Patrick

First of all, I would want to know if the developers team in charge of
the developement of the new userlevel interface is on this list?

Secondly, are there news about this subject ? If developement's
resources are needed, perhaps I can help !

Best regards,
   Mickael





_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis ! 
http://www.msn.fr/msger/default.asp