[syslog-ng]Syslog-NG 1.6.6 memory leak when sending UDP logs

syslog-ng@lists.balabit.hu syslog-ng@lists.balabit.hu
Tue, 1 Mar 2005 10:20:59 -0500 

This is a multipart message in MIME format.
--=_alternative 00546D5185256FB7_=
Content-Type: text/plain; charset="US-ASCII"

I let it run over night with Balazs' "patch". It's been running for about 
20 hours, and it is still leaking memory - in the past 20 hours, it's up 
to 384 mb consumed.   It seems to be a little slower, but that could be 
subjective on the amount of log traffic. Either way, it still exists.





Roberto Nibali <ratz@drugphish.ch> 
Sent by: syslog-ng-admin@lists.balabit.hu
03/01/2005 03:06 AM
Please respond to
syslog-ng@lists.balabit.hu


To
syslog-ng@lists.balabit.hu
cc

Subject
Re: [syslog-ng]Syslog-NG 1.6.6 memory leak when sending UDP logs






Hello,

> Can you check if this simple one-liner solves the problem? (if you don't
> have scsh, touch afinet.c.x after applying the patch to satisfy build
> dependencies)
> 
> diff -u -r1.25.4.6 afinet.c
> --- afinet.c    5 Aug 2004 11:35:12 -0000       1.25.4.6
> +++ afinet.c    28 Feb 2005 19:17:30 -0000
> @@ -653,6 +653,7 @@
>                         if (libnet_write(self->lnet_ctx) < 0) {
>                                 werror("Error sending raw frame, error: 
%z", libnet_geterror(self->lnet_ctx));
>                         }
> +                       ol_string_free(msg_line);
>                 }
>                 else {
>                 fallback_socket:

It looks very much like a leak. As I've heard last week from our 
development team, they seem to have seen similar massive leaks when 
using UDP spoofing. But I need to confirm that first. I'll let you know 
tomorrow or the latest by next Wednesday.

The leak manifested itself when calling syslog() over a perl script or 
something similar, I don't exactly remember. The gross and I/O intesive 
solution was to fork()+exec(), but that's what you have SMP machines 
for, right? :).

Thanks,
Roberto Nibali, ratz
-- 
echo 
'[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html



--=_alternative 00546D5185256FB7_=
Content-Type: text/html; charset="US-ASCII"


<br><font size=2 face="sans-serif">I let it run over night with Balazs'
&quot;patch&quot;. It's been running for about 20 hours, and it is still
leaking memory - in the past 20 hours, it's up to 384 mb consumed. &nbsp;
It seems to be a little slower, but that could be subjective on the amount
of log traffic. Either way, it still exists.</font>
<br>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Roberto Nibali &lt;ratz@drugphish.ch&gt;</b>
</font>
<br><font size=1 face="sans-serif">Sent by: syslog-ng-admin@lists.balabit.hu</font>
<p><font size=1 face="sans-serif">03/01/2005 03:06 AM</font>
<table border>
<tr valign=top>
<td bgcolor=white>
<div align=center><font size=1 face="sans-serif">Please respond to<br>
syslog-ng@lists.balabit.hu</font></div></table>
<br>
<td width=59%>
<table width=100%>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td valign=top><font size=1 face="sans-serif">syslog-ng@lists.balabit.hu</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td valign=top>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td valign=top><font size=1 face="sans-serif">Re: [syslog-ng]Syslog-NG
1.6.6 memory leak when sending UDP logs</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2><tt>Hello,<br>
<br>
&gt; Can you check if this simple one-liner solves the problem? (if you
don't<br>
&gt; have scsh, touch afinet.c.x after applying the patch to satisfy build<br>
&gt; dependencies)<br>
&gt; <br>
&gt; diff -u -r1.25.4.6 afinet.c<br>
&gt; --- afinet.c &nbsp; &nbsp;5 Aug 2004 11:35:12 -0000 &nbsp; &nbsp;
&nbsp; 1.25.4.6<br>
&gt; +++ afinet.c &nbsp; &nbsp;28 Feb 2005 19:17:30 -0000<br>
&gt; @@ -653,6 +653,7 @@<br>
&gt; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; if (libnet_write(self-&gt;lnet_ctx) &lt; 0) {<br>
&gt; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; werror(&quot;Error sending raw
frame, error: %z&quot;, libnet_geterror(self-&gt;lnet_ctx));<br>
&gt; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; }<br>
&gt; + &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; ol_string_free(msg_line);<br>
&gt; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }<br>
&gt; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; else {<br>
&gt; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; fallback_socket:<br>
<br>
It looks very much like a leak. As I've heard last week from our <br>
development team, they seem to have seen similar massive leaks when <br>
using UDP spoofing. But I need to confirm that first. I'll let you know
<br>
tomorrow or the latest by next Wednesday.<br>
<br>
The leak manifested itself when calling syslog() over a perl script or
<br>
something similar, I don't exactly remember. The gross and I/O intesive
<br>
solution was to fork()+exec(), but that's what you have SMP machines <br>
for, right? :).<br>
<br>
Thanks,<br>
Roberto Nibali, ratz<br>
-- <br>
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc<br>
_______________________________________________<br>
syslog-ng maillist &nbsp;- &nbsp;syslog-ng@lists.balabit.hu<br>
https://lists.balabit.hu/mailman/listinfo/syslog-ng<br>
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html<br>
<br>
</tt></font>
<br>
--=_alternative 00546D5185256FB7_=--