On Sat, Jan 31, 2015 at 12:59:34AM +0100, Lukas Tribus wrote:
> > The maxconn was set to 4096 before, and after 45 days, haproxy was
> > using 20gigs...
>
> Ok, can you set maxconn back to 4096, reproduce the leak (to at least
> a few gigabytes) and run "show pools" a few times to see where
> exactly the memory consumption comes from?

Also, could you please send a network capture of the checks from the firewall to haproxy (if possible, taken on the haproxy side)? It is possible that there is a specific sequence leading to an improper close (eg: some SSL structs not being released at certain steps in the handshake, etc). Please use this to take your capture:

    tcpdump -vs0 -pi eth0 -w checks.cap host <firewall-ip> and port <local-port>

Wait for several seconds, then Ctrl-C. Be careful, your capture will contain all the traffic flowing between haproxy and the firewall's address facing it, so there might be confidential information there, only send to the list if you think it's OK.

Ideally, in parallel you can try to strace haproxy during this capture:

    strace -tts200 -o checks.log -p $(pgrep haproxy)

Thanks,
Willy