Ok, so Valgrind came up with something(thanks for the suggestion Robert): With UDP Spoof Turned on: ==27361== Memcheck, a memory error detector for x86-linux. ==27361== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al. ==27361== Using valgrind-2.2.0, a program supervision framework for x86-linux. ==27361== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al. ==27361== For more details, rerun with: -v ==27361== io.c: Preparing fd 3 for reading io.c: Preparing fd 4 for reading io.c: listening on fd 5 io.c: connecting using fd 6 io.c: connecting using fd 8 io.c: connecting using fd 8 syslog-ng version 1.6.6 starting io.c: Preparing fd 6 for writing ==27361== Invalid read of size 2 ==27361== at 0x805A987: libnet_in_cksum (in /usr/local/sbin/syslog-ng) ==27361== Address 0x1BA764E2 is 178 bytes inside a block of size 179 alloc'd ==27361== at 0x1B902E28: malloc (vg_replace_malloc.c:131) ==27361== by 0x805912D: libnet_pblock_coalesce (in /usr/local/sbin/syslog-ng) ==27361== by 0x804C063: do_handle_log (destinations.c:103) ==27361== by 0x804B5EC: do_distribute_log (center.c:149) ==27361== by 0x804B02A: do_add_source_name (sources.c:289) ==27361== by 0x804AA8C: do_handle_line (sources.c:75) ==27361== by 0x804ADA5: do_read_line (sources.c:134) ==27361== by 0x8054AF8: read_callback (in /usr/local/sbin/syslog-ng) ==27361== by 0x804A079: main_loop (main.c:253) ==27361== by 0x804A75C: main (main.c:549) io.c: Preparing fd 8 for writing io.c: connecting using fd 11 io.c: connecting using fd 11 With UDP spoof turned off: ==27373== Memcheck, a memory error detector for x86-linux. ==27373== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al. ==27373== Using valgrind-2.2.0, a program supervision framework for x86-linux. ==27373== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al. ==27373== For more details, rerun with: -v ==27373== io.c: Preparing fd 3 for reading io.c: Preparing fd 4 for reading io.c: listening on fd 5 io.c: connecting using fd 6 io.c: connecting using fd 7 io.c: connecting using fd 7 syslog-ng version 1.6.6 starting io.c: Preparing fd 6 for writing io.c: Preparing fd 7 for writing Which doesent say too much. I'm using libnet 1.1.2.1. The valgrind message only appears once - and does not appear as the memory leak contiues. I'm no valgrind expert, but I'm guessing it leaks one byte for each UDP packet sent. Not sure why spoofing would cause this inside libnet. Roberto Nibali <ratz@tac.ch> Sent by: syslog-ng-admin@lists.balabit.hu 03/02/2005 10:13 AM Please respond to syslog-ng@lists.balabit.hu To syslog-ng@lists.balabit.hu cc Subject Re: [syslog-ng]Syslog-NG 1.6.6 memory leak when sending UDP logs henry@shoelacecity.com wrote:
Let me understand this, you were seeing a leak when using a PERL script to send UDP packets using Net::RawIP _to_ syslong_ng.
Exact, the perl-related process was leaking, no syslog involved. We had to hand-craft the UDP packets since the spoofing only works partially from our POV.
I am still experiencing clear leak behavior when using syslog-ng to send spoffed UDP packets to other syslog-ng's. The syslog-ng sender is leaking, the receiver is exhibitning normal behavior.
You could valgrind the process ... http://valgrind.kde.org/ Sorry for not being more helpful to you in this matter, Roberto Nibali, ratz -- ------------------------------------------------------------- addr://Rathausgasse 31, CH-5001 Aarau tel://++41 62 823 9355 http://www.terreactive.com fax://++41 62 823 9356 ------------------------------------------------------------- terreActive AG Wir sichern Ihren Erfolg ------------------------------------------------------------- _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html