Brad Langhorst wrote: > I have a bering ulibc firewall running shorwall and ipsec. > > It's badly leaking memory. > see: > https://development.coopmetrics.coop/munin/mcgruff/mcgruff.html > > you can see that it leaks pretty hard during the nightly backups. > > i have to reboot every few days or the machine runs out of ram and > becomes unstable. > > The bad news is that this machine is in production, and i can't take it > down any time soon. > > I'm pretty sure that it's ipsec related because i don't lose memory when > doing a big scp transfer NOT via the vpn. > > Removing the ipsec modules does not free up the ram. > > Any ideas? > Anybody seen this problem before?
Not before, but awoken by your message I looked at my freshly installed ipsec installation and yes, from the looks of it it appears to leak. Can you tell us if this is traffic related, e.g. are you leaking more if there is heavy traffic as opposed to just open tunnels? What release is this related to? Erich > > brad > > memory info below: > > > > > mcgruff# uname -a > Linux mcgruff 2.4.33 #1 Mon Sep 4 15:52:08 CEST 2006 i686 unknown > > mcgruff# ps aux > PID Uid VmSize Stat Command > 1 root 244 S init [2] > 2 root SW [keventd] > 3 root SWN [ksoftirqd_CPU0] > 4 root SW [kswapd] > 5 root SW [bdflush] > 6 root SW [kupdated] > 20110 root 268 S /sbin/syslogd -m 240 > 9531 root 332 S /sbin/klogd > 19053 root SW [khubd] > 23869 root 244 S /sbin/dhcpcd-bin -Y -N -R -d eth0 > 16786 root 136 S /usr/sbin/watchdog > 14975 root 232 S /usr/sbin/inetd > 914 root 272 S /usr/sbin/ulogd -d > 8127 root 956 S /usr/sbin/sshd > 11645 root 420 S /usr/sbin/ntpd -g > 10743 dnscache 1224 S /usr/bin/dnscache > 2076 root 288 S /usr/bin/ez-ipupdate -c /etc/ez-ipupd.conf > -F /var/run/ez-ipupd.pid > 1016 root 308 S /usr/sbin/cron > 254 root 13376 S /usr/sbin/snmpd -Lsd -Lf /dev/null > -p /var/run/snmpd.pid > 16747 root 288 S /sbin/getty 38400 tty1 > 29709 root 288 S /sbin/getty 38400 tty2 > 31535 root 420 S /usr/sbin/ntpd -g > 18574 root 1216 S /usr/sbin/sshd: [EMAIL PROTECTED] > 5204 root 404 S -sh > 22527 root 340 S /bin/sh /usr/lib/ipsec/_plutorun --debug > --uniqueids yes --nocrsend --strictcrlpolicy --nat_trave > 25116 root 296 S logger -s -p daemon.error -t ipsec__plutorun > 30277 root 344 S /bin/sh /usr/lib/ipsec/_plutorun --debug > --uniqueids yes --nocrsend --strictcrlpolicy --nat_trave > 27023 root 340 S /bin/sh /usr/lib/ipsec/_plutoload --wait no > --post > 32018 root 844 S /usr/lib/ipsec/pluto --nofork > --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto -- > 2607 root 476 S N pluto helper # 0 > -nofork > 6092 root 132 S _pluto_adns > 1810 root 284 R ps aux > mcgruff# free > total used free shared buffers > Mem: 119664 103964 15700 0 56 > Swap: 0 0 0 > Total: 119664 103964 15700 > > mcgruff# cat /proc/meminfo > total: used: free: shared: buffers: cached: > Mem: 122535936 106496000 16039936 0 57344 14569472 > Swap: 0 0 0 > MemTotal: 119664 kB > MemFree: 15664 kB > MemShared: 0 kB > Buffers: 56 kB > Cached: 14228 kB > SwapCached: 0 kB > Active: 9680 kB > Inactive: 4660 kB > HighTotal: 0 kB > HighFree: 0 kB > LowTotal: 119664 kB > LowFree: 15664 kB > SwapTotal: 0 kB > SwapFree: 0 kB > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > ------------------------------------------------------------------------ > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/