search

libreswan / libreswan

libreswan
https://libreswan.org/
Other
838 stars 220 forks source link

pluto process occupies more memory #1755

Open Yams-github24 opened 2 months ago

Yams-github24 commented 2 months ago

We see that pluto process occupies around "1145344" bytes of memory on start. Our requirement is to run pluto process for around 80 namespaces. When 80 pluto process are run, we see memory occupied by the 80 pluto process is exceeding our system limit.

We tried running memeoryleak tool for a pluto process and found some leak. Below is the report generated by Valgrind tool.

Version: "Libreswan 4.3" Command: "valgrind /usr/libexec/ipsec/pluto --nofork" Report: HEAP SUMMARY: in use at exit: 940,762 bytes in 3,358 blocks total heap usage: 10,621 allocs, 7,263 frees, 3,174,857 bytes allocated

LEAK SUMMARY: definitely lost: 0 bytes in 0 blocks indirectly lost: 0 bytes in 0 blocks possibly lost: 36,935 bytes in 130 blocks still reachable: 903,827 bytes in 3,228 blocks of which reachable via heuristic: length64 : 227,672 bytes in 620 blocks suppressed: 0 bytes in 0 blocks

Can you please give a check on this. Also please suggest if you have any recommendation/options to run pluto process with less memory. Let me know if there's anything else I can provide to help diagnose this.

letoams commented 2 months ago

On Jul 12, 2024, at 08:01, Yams-github24 @.***> wrote:

 We see that pluto process occupies around "1145344" bytes of memory on start. Our requirement is to run pluto process for around 80 namespaces. When 80 pluto process are run, we see memory occupied by the 80 pluto process is exceeding our system limit.

We tried running memeoryleak tool for a pluto process and found some leak. Below is the report generated by Valgrind tool.

Please run pluto with —leak-detective then when it uses a lot of memory issue a clean shutdown. It should report on memory leaks in a more useful way for us to analyze.

Version: "Libreswan 4.3"

This is obviously a very old version, can you not upgrade to a newer version ? Eg 4.15 or 5.0 ?

Yams-github24 commented 2 months ago

Thank you for your response. I could not find any leaks [ "leak detective found no leaks" ] when pluto is run with --leak-detective and shutdown. Our concern is with respect to the memory occupied by pluto process when it is in started state. We see pluto process occupies around 1145344 bytes of memory even without adding any configurations. Is this the expected size of the pluto process?

letoams commented 2 months ago

Depending on what is enabled. Try disabling some unused features in mk/config.mk such as USE_DNSSEC, USE_IKEv1 etc

Yams-github24 commented 2 months ago

Thank you. We will check by disabling unused features.

cagney commented 1 month ago

Can I suggest looking at the libraries that libreswan relies on.

Yams-github24 commented 1 month ago

On 5.0 version, already most of the features were disabled. On disabling 4 more features, I could see almost the same size. With default: Size: "1145344" bytes Disabling few features: Size "1144220" bytes.

Is there any other way we can reduce the memory size of the pluto process?