Bug #13525

closed

Memory leak in PF when retrieving Ethernet rules

Added by Steve Wheeler over 1 year ago. Updated about 1 year ago.

Status: Resolved
Priority: Normal
Category: Operating System
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.01
Release Notes: Default
Affected Version: 2.7.x
Affected Architecture: All

Description

In 2.7 and 22.05 the wired memory increases over time due to an apparent leak.

This appears to be in pf when it uses Ethernet rules. So it will impact installs running Captive Portal more visibly.

See: https://forum.netgate.com/topic/174927/ng6100-max-pf-22-05-wired-memory-increasing-over-time/

A fix for this has been submitted upstream:
https://github.com/freebsd/freebsd-src/commit/0044bd90f2397dfad5f4bbd12c64be86e0b7eb4a


Files

2205.png (32.9 KB), jeroen van breedam, 01/20/2023 01:06 AM
2301.png (34.4 KB), jeroen van breedam, 01/20/2023 01:06 AM
Actions #2

Updated by Jim Pingle over 1 year ago

  • Plus Target Version changed from 22.11 to 23.01
Actions #3

Updated by jeroen van breedam over 1 year ago

Any ETA on a fix for 22.05?
Remembering (to reboot a firewall every 20 days) is not my thing.

Actions #4

Updated by Steve Wheeler over 1 year ago

  • Status changed from In Progress to Feedback

This is now in 23.01 and 2.7.

It needs feedback from someone who was hitting it previously.

Actions #5

Updated by Jim Pingle over 1 year ago

  • Subject changed from pf: memory leak retrieving Ethernet rules to Memory leak in PF when retrieving Ethernet rules

Updating subject for release notes.

Actions #6

Updated by Jim Pingle over 1 year ago

  • % Done changed from 0 to 100

I checked all around my lab and though I have captive portal enabled on numerous systems I couldn't find any that had evidence of a memory leak before or after the time when the fix went in. It's possible it requires a certain amount of user activity/churn to trigger, or at least a certain number of other config items (e.g. some number of Captive Portal allowed/blocked IP/FQDN/MAC entries?)

Would be nice if we had some idea of how to reproduce it reliably so we can confirm the fix.

Actions #7

Updated by jeroen van breedam about 1 year ago

Updated the system to 23.01 beta on Sunday the 15th.
4 days later I cannot notice any significant memory leak. Wired memory increased less than 0.8%.
On 22.05 wired memory would have increased around 20% in the same time-frame.

I will keep a close eye on the problem over the next couple of weeks.
Screenshot of graphs attached.

22.05:

23.01:

Actions #8

Updated by Jim Pingle about 1 year ago

  • Status changed from Feedback to Resolved

That seems like enough to call this resolved for now -- we can always revisit it if needed.

Unrelated to this issue (pf/memory leaking), but if you are using ZFS, you might want to restart one more time after the upgrade if you are monitoring memory usage closely for problems such as this. Post-upgrade, ZFS ARC will be consuming a larger amount of wired memory than usual due to all of the filesystem changes during the upgrade process. This is harmless in most cases as it will give up space as needed if there is memory pressure, but it can make monitoring usage as a whole trickier than it needs to be for watching usage patterns as in this situation. While it isn't isolated on the graph since it's lumped into "wired", you can monitor that usage via the top command or Diagnostics > System Activity. If you are using UFS then that wouldn't apply.
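
The monitoring caveat above, as an added example that is not part of the original thread: a shell sketch that subtracts ZFS ARC from wired memory so that a leak trend is not masked by post-upgrade ARC growth. The sysctl names are FreeBSD's and are not mentioned in the thread; the two samples are constructed values, not measurements from any system in this issue.

```shell
#!/bin/sh
# Added example: separate ZFS ARC from wired memory when watching for a leak.

# Take one sample on a FreeBSD/pfSense host: "epoch wire_pages pagesize arc_bytes".
# ARC size is reported as 0 when the ZFS sysctl is absent (UFS installs).
sample_now() {
    arc=$(sysctl -n kstat.zfs.misc.arcstats.size 2>/dev/null || echo 0)
    echo "$(date +%s) $(sysctl -n vm.stats.vm.v_wire_count) $(sysctl -n hw.pagesize) ${arc:-0}"
}

# Read samples on stdin; print growth (percent, first vs. last sample) of
# total wired memory and of wired memory with ARC subtracted.
wired_growth() {
    awk '
        NF == 4 {
            wired = $2 * $3 / 1048576      # total wired, MiB
            other = wired - $4 / 1048576   # wired minus ARC, MiB
            if (!seen) { w0 = wired; o0 = other; seen = 1 }
            w1 = wired; o1 = other
        }
        END {
            if (!seen || w0 <= 0 || o0 <= 0) { print "no usable samples"; exit 1 }
            printf "wired=%.1f%% non_arc=%.1f%%\n", (w1 - w0) / w0 * 100, (o1 - o0) / o0 * 100
        }'
}

# Constructed samples taken four days apart: total wired grows from 1000 MiB
# to 1300 MiB, but ARC grows from 200 MiB to 492 MiB over the same period.
SAMPLES='1673740800 256000 4096 209715200
1674086400 332800 4096 515899392'

printf '%s\n' "$SAMPLES" | wired_growth
```

On a live system, appending the output of `sample_now` to a file on a schedule and feeding that file to `wired_growth` gives the same comparison over real data.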
