Bug #13525
closedMemory leak in PF when retrieving Ethernet rules
100%
Description
In 2.7 and 22.05 the wired memory increases over time due to an apparent leak.
This appears to be in pf when it uses Ethernet rules. So it will impact installs running Captive Portal more visibly.
See: https://forum.netgate.com/topic/174927/ng6100-max-pf-22-05-wired-memory-increasing-over-time/
A fix for this has been submitted upstream:
https://github.com/freebsd/freebsd-src/commit/0044bd90f2397dfad5f4bbd12c64be86e0b7eb4a
Files
Updated by Jim Thompson about 2 years ago
seems to have landed in our tree
https://github.com/pfsense/FreeBSD-src/commit/0044bd90f2397dfad5f4bbd12c64be86e0b7eb4a
as part of this merge, 2 days ago
https://github.com/pfsense/FreeBSD-src/commit/28f6f5e488e4e08899ccf4269440711181e3d5b7
Updated by Jim Pingle about 2 years ago
- Plus Target Version changed from 22.11 to 23.01
Updated by jeroen van breedam about 2 years ago
any eta on a fix for 22.05 ?
remembering (to reboot a firewall every 20 days) is not my thing.
Updated by Steve Wheeler about 2 years ago
- Status changed from In Progress to Feedback
This is now in 23.01 and 2.7.
It needs feedback from someone who was hitting it previously.
Updated by Jim Pingle about 2 years ago
- Subject changed from pf: memory leak retrieving Ethernet rules to Memory leak in PF when retrieving Ethernet rules
Updating subject for release notes.
Updated by Jim Pingle almost 2 years ago
- % Done changed from 0 to 100
I checked all around my lab and though I have captive portal enabled on numerous systems I couldn't find any that had evidence of a memory leak before or after the time when the fix went in. It's possible it requires a certain amount of user activity/churn to trigger, or at least a certain number of other config items (e.g. some number of Captive Portal allowed/blocked IP/FQDN/MAC entries?)
Would be nice if we had some idea of how to reproduce it reliably so we can confirm the fix.
Updated by jeroen van breedam almost 2 years ago
updated the system to 23.01 beta on sunday 15th
4 days later i can not notice any significant memory leak. wired memory increased less then 0.8%.
on 22.05 wired memory would have increased around 20% in the same time-frame.
i will keep a close eye on the problem the next couple of weeks.
screenshot of graphs attached
22.05:
23.01:
Updated by Jim Pingle almost 2 years ago
- Status changed from Feedback to Resolved
That seems like enough to call this resolved for now -- we can always revisit it if needed.
Unrelated to this issue (pf/memory leaking), but if you are using ZFS, you might want to restart one more time after the upgrade if you are monitoring memory usage closely for problems such as this. Post-upgrade, ZFS ARC will be consuming a larger amount of wired memory than usual due to all of the filesystem changes during the upgrade process. This is harmless in most cases as it will give up space as needed if there is memory pressure, but it can make monitoring usage as a whole trickier than it needs to be for watching usage patterns as in this situation. While it isn't isolated on the graph since it's lumped into "wired", you can monitor that usage via the top
command or Diagnostics > System Activity. If you are using UFS then that wouldn't apply.