[strongSwan] system memory leak when soaking 1000 connections

Martin Willi martin at strongswan.org
Thu Jan 24 10:15:15 CET 2013


Hi Simon,

> After running for 2.5 days, free memory dropped by 69M.

> VM sizes of charon and all other processes were stable during the test period.

Any change in resident memory? Are your running IKEv1 or IKEv2?

> I wonder if IKE channel renewal and key renewal may leave entries
> pilling up in Security Policy db and Security Association db?

No, it definitely shouldn't. You may easily check that using "ip xfrm
state" and "ip xfrm policy".

> I am lost how to explain the corelation between key renewal and memory
> drop. Anyone have any ideas how to debug this problem?

I'd try to check if you can reproduce the issue when
installing/uninstalling SAD and SPD entries manually. A script using "ip
xfrm" or setkey to install (and remove) a few thousand entries should be
trivial to write. And if you get the kernel to "bleed to death" with
this method, there is definitely something wrong in your kernel.

Regards
Martin





More information about the Users mailing list