ocserv memory increase on occtl reload

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Fri Aug 21 04:22:39 PDT 2015


On Thu, Aug 20, 2015 at 7:16 PM, Niels Peen <niels at peen.ch> wrote:
>
>> On 20 Aug 2015, at 16:45, Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:
>
>> I could not figure how to reproduce that. My main process remained
>> unchanged after reloads using the sample config and certificate auth.
>> Could you send me some steps to be able to reproduce the issue?
>
> I use the config below, then use occtl to reload. Issue the reload command a few times and I’ll see a significant increase in memory usage.

Thanks. It seems it was the CRL reloading. The CRL entries were
accumulating. I've committed a fix in gnutls:
https://gitlab.com/gnutls/gnutls/commit/5870a55d0be3c1d995e951d7a36b504e66c87004


>> btw. did you have any issues with the "enable-auth certificate"
>> option? Its purpose was to eliminate the need for two servers.
> No issues. Just haven’t shut down the old process on all servers yet.
> What’s interesting to note is that the radius config with enable-auth=“certificate” added does not have the memory issue.

Are you sure? I seem to have the same leak if I switch your config to
use primary auth radius and set enable-auth to certificate.

regards,
Nikos
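
A way to check for the growth discussed in this thread, before and after upgrading gnutls, written as an added example that is not part of the original messages or of ocserv: it samples the main process's VmRSS around repeated `occtl reload` calls and reports whether memory rises on every reload. The function names, the 2-second settle time and the kB threshold are assumptions.

```shell
#!/bin/sh
# Added example: detect resident-memory growth across `occtl reload` calls.

# Print the VmRSS value (kB) from a /proc/<pid>/status-style file.
rss_kb() {
    awk '$1 == "VmRSS:" { print $2; found = 1 } END { exit !found }' "$1"
}

# Read one RSS sample (kB) per line on stdin. Print "leak <kB>" when every
# sample is larger than the previous one and total growth reaches $1 kB,
# otherwise "stable <kB>"; "insufficient" with fewer than two samples.
classify_growth() {
    awk -v min="$1" '
        NR == 1 { first = $1; prev = $1; mono = 1; next }
        { if ($1 <= prev) mono = 0; prev = $1 }
        END {
            if (NR < 2) { print "insufficient"; exit }
            growth = prev - first
            if (mono && growth >= min) print "leak " growth
            else print "stable " growth
        }'
}

# measure_reloads <pid of ocserv main process> <reload count> <threshold kB>
measure_reloads() {
    pid=$1; count=$2; min=$3
    {
        rss_kb "/proc/$pid/status"          # baseline before any reload
        i=0
        while [ "$i" -lt "$count" ]; do
            occtl reload >/dev/null || break
            sleep 2                         # assumed settle time per reload
            rss_kb "/proc/$pid/status"
            i=$((i + 1))
        done
    } | classify_growth "$min"
}

# Run only when called with all three arguments, e.g.: ./check.sh 1234 10 1024
if [ "$#" -eq 3 ]; then
    measure_reloads "$@"
fi
```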


