From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jean Cantarutti
Subject: Memory leak problem
Date: Fri, 27 Sep 2002 11:03:32 -0400
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <7F2740B50D94FD4B9EAF9AAC33016C3C45382C@lascar>
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Errors-To: netfilter-admin@lists.netfilter.org
Content-Type: text/html; charset="us-ascii"
To: netfilter@lists.netfilter.org

Hi, I'm using iptables 1.2.5 on a HP machine working like firewall, it has 512 MB of RAM and every 30 seconds eats 6 kb of RAM, in 48 hours only left 8300 kb of available RAM.

I need help.

Regards.

Jean Cantarutti
jcantarutti@subtel.cl


From mboxrd@z Thu Jan 1 00:00:00 1970
From: Antony Stone
Subject: Re: Memory leak problem
Date: Fri, 27 Sep 2002 17:33:03 +0100
Message-ID: <200209271633.g8RGXPc32108@vulcan.rissington.net>
References: <7F2740B50D94FD4B9EAF9AAC33016C3C45382C@lascar>
In-Reply-To: <7F2740B50D94FD4B9EAF9AAC33016C3C45382C@lascar>
To: netfilter@lists.netfilter.org

On Friday 27 September 2002 4:03 pm, Jean Cantarutti wrote:

> Memory leak problem
>
> Hi, I'm using iptables 1.2.5 on a HP machine
> working like firewall, it has 512 MB of RAM and every 30 seconds eats 6 kb
> of RAM, in 48 hours only left 8300 kb of available RAM.

Please:

1. Do not post html to this mailing list.
2. Tell us the volume of traffic you have going through your firewall.
3. Tell us the number of simultaneous connections you have through your firewall.
4. Tell us if you get any messages from netfilter in your syslog.
5. Give us an idea of what protocols you're handling, and what your ruleset is.
6. Let us know if you have any other services or applications running on your firewall.

Antony.

-- 
If you want to be happy for an hour, get drunk.
If you want to be happy for a year, get married.
If you want to be happy for a lifetime, get a garden.

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Anders Fugmann
Subject: Re: Memory leak problem
Date: Fri, 27 Sep 2002 18:07:32 +0200
Message-ID: <3D948244.1040407@fugmann.dhs.org>
References: <7F2740B50D94FD4B9EAF9AAC33016C3C45382C@lascar>
To: Jean Cantarutti
Cc: netfilter@lists.netfilter.org

Jean Cantarutti wrote:
> Hi, I'm using iptables 1.2.5 on a HP machine working like firewall, it
> has 512 MB of RAM and every 30 seconds eats 6 kb of RAM, in 48 hours
> only left 8300 kb of available RAM.

Do remember that unused ram is used for disc cache and buffers, so watching top does not necessarily give an accurate picture of how ram is used.

Could you please describe why you think that iptables/netfilter has a memory leak? Also printouts of memory usage would help us understand what is happening.

Btw. What kernel are you using?

Regards
Anders Fugmann

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jean Cantarutti
Subject: RE: Memory leak problem
Date: Fri, 27 Sep 2002 12:56:51 -0400
Message-ID: <7F2740B50D94FD4B9EAF9AAC33016C3C45383B@lascar>
To: 'Anthony Liu', Jean Cantarutti
Cc: Netfilter Mailing List

Hi, we serve 300 clients for forwarding and 3 servers (http, vpn, h.323) using NAT.

thanks

Jean Cantarutti
jcantarutti@subtel.cl

    -----Original Message-----
    From:    Anthony Liu [SMTP:anthony@nexus-online.com]
    Sent:    Friday, 27 September 2002 12:51
    To:      Jean Cantarutti
    CC:      Netfilter Mailing List
    Subject: Re: Memory leak problem

    On Fri, 27 Sep 2002 11:03:32 -0400 Jean Cantarutti <jcantarutti@subtel.cl> wrote:

    > Memory leak problem
    >
    > Hi, I'm using iptables 1.2.5 on a HP machine working like firewall, it has 512 MB of RAM and every 30 seconds eats 6 kb of RAM, in 48 hours only left 8300 kb of available RAM.
    >
    > I need help.

    Are you sure it was leaking memory? Each tracked connection uses up some kernel memory.
    http://www.netfilter.org/documentation/FAQ/netfilter-faq.html#toc3.6

    Ignore "available" RAM, the system will take as much "available" RAM for various cache buffers,
    the system will release it back from the cache buffers when needed.  If the memory pressure still
    increases, the system will start to swap some other process out.  Unless you are seeing an out-of-memory
    situation in the syslog, it should not be a problem.  BTW, how many clients is the firewall serving?

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Anthony Liu
Subject: Re: Memory leak problem
Date: Sat, 28 Sep 2002 00:51:12 +0800
Message-ID: <20020927165112.7AF5C87849@defiant.starfleet.net>
References: <7F2740B50D94FD4B9EAF9AAC33016C3C45382C@lascar>
In-Reply-To: <7F2740B50D94FD4B9EAF9AAC33016C3C45382C@lascar>
To: Jean Cantarutti
Cc: Netfilter Mailing List

On Fri, 27 Sep 2002 11:03:32 -0400 Jean Cantarutti wrote:

> Memory leak problem
>
> Hi, I'm using iptables 1.2.5 on a HP machine working like firewall, it has 512 MB of RAM and every 30 seconds eats 6 kb of RAM, in 48 hours only left 8300 kb of available RAM.
>
> I need help.

Are you sure it was leaking memory? Each tracked connection uses up some kernel memory.
http://www.netfilter.org/documentation/FAQ/netfilter-faq.html#toc3.6

Ignore "available" RAM, the system will take as much "available" RAM for various cache buffers, the system will release it back from the cache buffers when needed. If the memory pressure still increases, the system will start to swap some other process out. Unless you are seeing an out-of-memory situation in the syslog, it should not be a problem. BTW, how many clients is the firewall serving?
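Added example, not part of the thread: one way to check the distinction made in the replies above, comparing two `/proc/meminfo` snapshots to see whether a falling `MemFree` is only buffer and page-cache growth, and sizing the `ip_conntrack` slab from `/proc/slabinfo`. The snapshot values are constructed, the function names are hypothetical, and the slabinfo column order (name, active_objs, num_objs, objsize) is assumed to be the 2.4-series layout.

```python
import re

# Constructed /proc/meminfo snapshots (kB) taken 48 hours apart; not the poster's data.
BEFORE = "MemTotal: 514000 kB\nMemFree: 296300 kB\nBuffers: 40000 kB\nCached: 120000 kB\n"
AFTER = "MemTotal: 514000 kB\nMemFree: 8300 kB\nBuffers: 90000 kB\nCached: 357500 kB\n"
# Constructed 2.4-style /proc/slabinfo line: name active_objs num_objs objsize ...
SLABINFO = "slabinfo - version: 1.1\nip_conntrack 2950 3000 384 300 300 1\n"

def parse_meminfo(text):
    """Return {field: kB} for the 'Name: value kB' lines of /proc/meminfo."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s+(\d+)\s+kB\s*$", line)
        if m:  # the 2.4 byte-count summary rows ("Mem: ...") do not match
            fields[m.group(1)] = int(m.group(2))
    return fields

def reclaimable_free(mem):
    """MemFree plus buffers and page cache, which the kernel hands back on demand."""
    return mem["MemFree"] + mem["Buffers"] + mem["Cached"]

def classify(before, after, tolerance_kb=1024):
    """Is the drop in MemFree between two snapshots explained by cache growth?"""
    free_drop = before["MemFree"] - after["MemFree"]
    real_drop = reclaimable_free(before) - reclaimable_free(after)
    verdict = "cache" if real_drop <= tolerance_kb else "investigate"
    return verdict, free_drop, real_drop

def conntrack_slab_kb(slabinfo_text, cache="ip_conntrack"):
    """Kernel memory held by the connection-tracking slab: num_objs * objsize."""
    for line in slabinfo_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == cache:
            return int(parts[2]) * int(parts[3]) // 1024
    return 0  # cache not present (conntrack module not loaded)

if __name__ == "__main__":
    verdict, free_drop, real_drop = classify(parse_meminfo(BEFORE), parse_meminfo(AFTER))
    print(f"MemFree fell {free_drop} kB, reclaimable memory fell {real_drop} kB: {verdict}")
    print(f"conntrack slab: {conntrack_slab_kb(SLABINFO)} kB")
```

On a live firewall the same functions can be fed the contents of `/proc/meminfo` and `/proc/slabinfo` read at two points in time.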
From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jean Cantarutti
Subject: RE: Memory leak problem
Date: Fri, 27 Sep 2002 12:59:33 -0400
Message-ID: <7F2740B50D94FD4B9EAF9AAC33016C3C45383C@lascar>
To: 'Anders Fugmann', Jean Cantarutti
Cc: netfilter@lists.netfilter.org

Netfilter is the only process running in that machine (I think).
kernel version: 2.4.18-3
gcc version: 2.96
Red Hat Linux 7.3 2.96-110

regards

Jean Cantarutti
jcantarutti@subtel.cl




    -----Original Message-----
    From:    Anders Fugmann [SMTP:afu@fugmann.dhs.org]
    Sent:    Friday, 27 September 2002 12:08
    To:      Jean Cantarutti
    CC:      netfilter@lists.netfilter.org
    Subject: Re: Memory leak problem

    Jean Cantarutti wrote:
    > Hi, I'm using iptables 1.2.5 on a HP machine working like firewall, it
    > has 512 MB of RAM and every 30 seconds eats 6 kb of RAM, in 48 hours
    > only left 8300 kb of available RAM.

    Do remember that unused ram is used for disc cache and buffers, so
    watching top does not necessarily give an accurate picture of how ram is
    used.

    Could you please describe why you think that iptables/netfilter has a
    memory leak? Also printouts of memory usage would help us understand
    what is happening.

    Btw. What kernel are you using?

    Regards
    Anders Fugmann

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Anders Fugmann
Subject: Re: Memory leak problem
Date: Fri, 27 Sep 2002 19:05:36 +0200
Message-ID: <3D948FE0.3050405@fugmann.dhs.org>
References: <7F2740B50D94FD4B9EAF9AAC33016C3C45383C@lascar>
To: Jean Cantarutti, netfilter@lists.netfilter.org

Jean Cantarutti wrote:
> Netfilter is the only process running in that machine (I think).
> kernel version: 2.4.18-3
> gcc version: 2.96
> Red Hat Linux 7.3 2.96-110
>

Please repeat how you observe the leak, and what tools you are using in order to do so. Also give some printouts from the system, in order for us to verify the leak.

Regards
Anders Fugmann

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Pito Breizh"
Subject: Memory leak problem
Date: Thu, 07 Nov 2002 07:52:51 +0000
To: netfilter@lists.netfilter.org

Hello,

I've got a problem of memory leak with iptables. I'm using iptables 1.2.7a. I've linked libiptc.a and iptables.o with my application. I'm setting up some NAT rules by using do_command and iptc_commit functions.

I've seen a mail on netfilter-devel list (dated of 2 September) dealing with this problem. Here is this mail:

>You expect the iptables source components to be more than a short-running
>one-shot application; you expect them to be usable in a library in a
>longer-running process. That expectation is wrong, the current userlevel
>iptables source was not designed with that goal in mind.
>This is currently tackled by some developers (not me), who are working
>on an all-new userlevel and user/kernel interface that _is_ designed
>to support efficient use from many different userlevel applications.
>However, as far as I know, this reimplementation is currently not
>in a form that you may use.
>best regards
> Patrick

First of all, I would want to know if the developers team in charge of the development of the new userlevel interface is on this list? Secondly, is there news about this subject? If development resources are needed, perhaps I can help!

Best regards,
Mickael