Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.
I use L7-userspace 0.4 on suse 10.1 32bit, Does it really need about 300 MB of memory? :-) Memory usage increases day after day. Have a nice day. JK
Logged In: YES
No, it certainly doesn't need that much memory. Could you send the details of your configuration/situation? What patterns are you using? How much traffic is passing through l7-filter? How many MB/hour are we looking at?
Logged In: NO
System: OpenSuSE 10.1 32Bit, config file:
sending to queue in FORWARD, conntrack = 0.0.81, queue = 0.0.13, nfnetlink = 0.0.30, average speed about 3Mbit per second. Have a nice day. JK
I've encountered the same issue. The problem is (partially?) due to get_l7_connection() function in l7-conntrack-orig.cpp in which the [ operator instantiates a new map item even if the key is not already present.
After applying the following patch the memory consumption increases much slower.
Before patch it takes 15 minutes to reach 100M on my busy test firewall.
After the patch it takes 1hour and 25 minutes.
I need more testing, but I suspect that this is not the only cause of the memory leak.
Proposed patch against version l7-filter-userspace-0.11:
--- l7-conntrack-orig.cpp 2009-06-20 09:18:48.000000000 +0200
+++ l7-conntrack.cpp 2009-06-20 09:20:47.000000000 +0200
@@ -210,9 +210,9 @@
l7_connection *l7_conntrack::get_l7_connection(const string key)
- return l7_connections[key];
+ return l7_connections.count(key)>0 ? l7_connections[key] : NULL;
void l7_conntrack::add_l7_connection(l7_connection* connection,
const string key)