[Swan] Pluto consumes all available memory
Paul Wouters
paul at nohats.ca
Wed May 20 22:08:37 EEST 2015
On Wed, 20 May 2015, Will Roberts wrote:
> Subject: Re: [Swan] Pluto consumes all available memory
>
> On 04/30/2015 04:38 PM, Paul Wouters wrote:
>> So possibly, the leak only happens in some failure case that keeps
>> repeating. I'd suggest to leave it running longer. Look at the pluto
>> memory size, and only when it gets really big do the restart and check
>> for leaks.
> The error was triggered again, but unfortunately the leak detector still
> shows the same exact leaks.
Which were? there must have been a lot of the,?
> The following errors were printed during the shutdown process:
>
> May 20 18:01:57 sanfrancisco pluto[7864]: "wonderproxy-L2TP"[15046]
> 69.90.78.100: deleting connection "wonderproxy-L2TP" instance with peer
> 69.90.78.100 {isakmp=#0/ipsec=#0}
> May 20 18:01:57 sanfrancisco pluto[7864]: "wonderproxy-L2TP" #34623: deleting
> state (STATE_QUICK_R1)
You had 34623 states since startup. Usually that indicates tunnels that
are infinitely failing to establish. I suspect something in the error
path is leaking that memory.
> May 20 18:01:57 sanfrancisco pluto[7864]: "wonderproxy-L2TP" #34623: ERROR:
> netlink response for Del SA esp.b7f1c7e7 at 198.199.98.122 included errno 3: No
> such process
Those are SA's the kernel deleted but pluto thought those should still
be there. I'm confused what would have happened to those.
> 198.199.98.122 - is that machine's local IP
> 69.90.78.100, 176.58.89.113, and 198.58.96.25 are the IPs of our monitoring
> servers
If this is just 1-3 machines, then you must see a continuous log of IKE
failures?
Paul
More information about the Swan
mailing list