Henning Brauer wrote:
Thanks David for this pointer. It may very well be the same issue.
Even though the two bridged interfaces are em(4) (1 Gb/s), the
Out-of-Band Management (OOBM) interface is fxp(4) that carries two
VLANs, one for pfsync(4), and one for command&control/monitoring.
the leak had nothing to do with fxp.
it's simply a generic memory leak in a state insertion error path that
single firewalls tend to trigger seldom if at all, but pfsync
regularily hits.
Still, I will given Henning's patch a try, while waiting for results
of the instrumentation with 'vmstat -m', as suggested by the previous
responder.
if you're running pfsync i make bets it is that.
if you look at vmstat -m and pfstatekeypl has more objects in use than
pfstatepl you know it is that.
Yeah your patch thankfully does fix the problem. Just had another pair of
4.2 boxes
fall over from the same bug this morning.
Is it serious enough to put an errata note up?
