[zorp-hu] memoryleak 2.1.7.2

Kosa Attila zorp-hu@lists.balabit.hu
Fri, 17 Sep 2004 17:19:48 +0200


On Thu, Sep 16, 2004 at 03:37:06PM +0200, Kosa Attila wrote:
> 
> OK, I have reorganized it. I will get back to you when I know more. By the way, it is transparent.

At 8:46 (seconds after it was restarted):

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+ COMMAND           
25636 root       9   0  4524 4520 2700 S  0.0  1.8   0:00.50 /usr/lib/zorp/zorp

At 17:07 (it has not been restarted since the morning):

25636 root       9   0 15188  14m 3236 S  0.0  5.9   0:01.41 /usr/lib/zorp/zorp

The policy.py file:

from Zorp.Core import *
from Zorp.Http import *
from Zorp.Pssl import *

Zorp.firewall_name = 'zorp-https@XXX.hu'

InetZone("webezes", "192.168.0.0/16",
    inbound_services=[],
    outbound_services=["intra_https"])

InetZone("internet", "0.0.0.0/0",
    inbound_services=["intra_https"],
    outbound_services=[])

class IntraHttps(PsslProxy):
        class EmbeddedHttp(HttpProxy):
                def config(self):
                        HttpProxy.config(self)
                        self.transparent_mode = TRUE

        def config(self):
                self.server_need_ssl = TRUE
                self.server_verify_type = SSL_VERIFY_REQUIRED_TRUSTED
                self.server_ca_directory = '/etc/zorp/ca.crt'
                self.client_need_ssl = TRUE
                self.client_cert = '/etc/zorp/https.crt'
                self.client_key = '/etc/zorp/https.key'
                self.client_verify_type = SSL_VERIFY_NONE
                self.stack_proxy = self.EmbeddedHttp
                self.server_verify_depth = 2

def init(name):
        debug(0, "Policy init, name=%s" % name)

        Service("intra_https", IntraHttps, TransparentRouter())

        Listener(SockAddrInet("192.168.1.254", 50443), "intra_https")

debug(0, "Policy bootstrap done...");

The instances.conf file:

zorp_https --verbose=5 --threads=200 --policy /etc/zorp/policy-https.py --autobind-ip 192.168.200.254

Kernel: 2.4.25-zorpos, a completely up-to-date Sarge; we downloaded
Zorp from www.balabit.hu and ported it to Sarge.

# COLUMNS=150 dpkg -l python* | grep ^ii
ii  python                          2.3.4-3             An interactive high-level object-oriented language (default version)
ii  python-extclass                 1.2.0zope-2.5.1-1.3 Improves integration between Python and C++ classes
ii  python2.3                       2.3.4-10            An interactive high-level object-oriented language (version 2.3)
ii  python2.3-extclass              1.2.0zope-2.5.1-1.3 Improves integration between Python and C++ classes (Python 2.3)

# dpkg -l zorp* | grep ^ii
ii  zorp           2.1.7.2        An advanced protocol analyzing firewall
ii  zorp-modules   2.1.7.2        Default proxy modules for Zorp

What can I do to help find out what the problem is? Since the http
proxy carries more traffic (presumably, at least) than the https one (and
that one does not grow, at least not this visibly), I am changing my
guess to pssl instead :)

-- 
		Regards
				    Zsiga