Bug #13525


Memory leak in PF when retrieving Ethernet rules

Added by Steve Wheeler about 1 year ago. Updated 11 months ago.



In 2.7 and 22.05 the wired memory increases over time due to an apparent leak.

This appears to be in pf when it uses Ethernet rules. So it will impact installs running Captive Portal more visibly.


A fix for this has been submitted upstream:


2205.png (32.9 KB) jeroen van breedam, 01/20/2023 01:06 AM
2301.png (34.4 KB) jeroen van breedam, 01/20/2023 01:06 AM
Actions #2

Updated by Jim Pingle about 1 year ago

  • Plus Target Version changed from 22.11 to 23.01
Actions #3

Updated by jeroen van breedam about 1 year ago

Any ETA on a fix for 22.05?
Remembering (to reboot a firewall every 20 days) is not my thing.

Actions #4

Updated by Steve Wheeler 12 months ago

  • Status changed from In Progress to Feedback

This is now in 23.01 and 2.7.

It needs feedback from someone who was hitting it previously.

Actions #5

Updated by Jim Pingle 12 months ago

  • Subject changed from pf: memory leak retrieving Ethernet rules to Memory leak in PF when retrieving Ethernet rules

Updating subject for release notes.

Actions #6

Updated by Jim Pingle 12 months ago

  • % Done changed from 0 to 100

I checked all around my lab and though I have captive portal enabled on numerous systems I couldn't find any that had evidence of a memory leak before or after the time when the fix went in. It's possible it requires a certain amount of user activity/churn to trigger, or at least a certain number of other config items (e.g. some number of Captive Portal allowed/blocked IP/FQDN/MAC entries?)

Would be nice if we had some idea of how to reproduce it reliably so we can confirm the fix.

Actions #7

Updated by jeroen van breedam 11 months ago

Updated the system to 23.01 beta on Sunday the 15th.
4 days later I cannot notice any significant memory leak. Wired memory increased less than 0.8%.
On 22.05 wired memory would have increased around 20% in the same time frame.

I will keep a close eye on the problem the next couple of weeks.
Screenshot of graphs attached.



Actions #8

Updated by Jim Pingle 11 months ago

  • Status changed from Feedback to Resolved

That seems like enough to call this resolved for now -- we can always revisit it if needed.

Unrelated to this issue (pf/memory leaking), but if you are using ZFS, you might want to restart one more time after the upgrade if you are monitoring memory usage closely for problems such as this. Post-upgrade, ZFS ARC will be consuming a larger amount of wired memory than usual due to all of the filesystem changes during the upgrade process. This is harmless in most cases as it will give up space as needed if there is memory pressure, but it can make monitoring usage as a whole trickier than it needs to be for watching usage patterns as in this situation. While it isn't isolated on the graph since it's lumped into "wired", you can monitor that usage via the top command or Diagnostics > System Activity. If you are using UFS then that wouldn't apply.
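
To tell leak-style growth apart from the ZFS ARC growth described in the comment above, the following added example (not part of the original thread or of pfSense) records wired memory next to ARC size and reports the growth of each. The function names and the sample numbers are constructed for illustration; the sysctl names are the standard FreeBSD ones.

```shell
#!/bin/sh
# Added example, not from the thread: track wired memory with ZFS ARC split out.

# sample: print "epoch wired_bytes arc_bytes" from FreeBSD sysctls.
sample() {
    pages=$(sysctl -n vm.stats.vm.v_wire_count) || return 1
    psize=$(sysctl -n hw.pagesize) || return 1
    # The ARC OID is absent when ZFS is not loaded (UFS installs): count 0.
    arc=$(sysctl -n kstat.zfs.misc.arcstats.size 2>/dev/null) || arc=0
    echo "$(date +%s) $((pages * psize)) $arc"
}

# growth_report: read sample lines on stdin, compare first and last sample.
# Prints elapsed days, growth of total wired memory, and growth of wired
# memory with ARC subtracted (the part a kernel leak would inflate).
growth_report() {
    awk '
    NF == 3 && $2 > 0 {
        if (!n++) { t0 = $1; w0 = $2; k0 = $2 - $3 }
        t1 = $1; w1 = $2; k1 = $2 - $3
    }
    END {
        if (n < 2 || k0 <= 0) { print "insufficient data"; exit 1 }
        printf "days=%.1f wired=%+.1f%% non_arc=%+.1f%%\n",
            (t1 - t0) / 86400, (w1 - w0) * 100 / w0, (k1 - k0) * 100 / k0
    }'
}

# Constructed samples, 4 days apart: total wired grows 20%, but most of that
# is ARC; the non-ARC part grows only about 3%.
growth_report <<'EOF'
1700000000 2000000000 500000000
1700345600 2400000000 850000000
EOF
```

On a live system, `sample` would be appended to a log file from cron and that file fed to `growth_report`; a non-ARC figure that keeps climbing across days is the pattern worth investigating.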

