Snort mailing list archives
Re: Memory leak -- StreamPolicyInitTcp
From: Jon Larson <jon () catbird com>
Date: Tue, 19 Apr 2016 17:24:47 -0700
But then, there is this code in snort.c:VerifyReload: if ( sc->respond_attempts != snort_conf->respond_attempts || sc->respond_device != snort_conf->respond_device ) Since sc->respond_device and snort_conf->respond_device are "char *" is this code correct? If the memory addresses aren't the same the condition fails and the config isn't reloaded, snort is restarted. In this case it frees the old config and merely re-initalizes. So the code you point out below won't be executed. On 4/19/16 3:00 AM, Gaurav Nagare (gnagare) wrote:
Hi Jon, Check following code from addStreamTcpPolicyToList(), I believe it does free of policy list. // copy the existing policies to new list, free old list and point to new... memcpy( tmpPolicyList, config->policy_list, policyListSize - sizeof( StreamTcpPolicy * ) ); free( config->policy_list ); config->policy_list = tmpPolicyList; C Thanks Gaurav On 19/04/16, 5:01 AM, "Jon Larson" <jon () catbird com> wrote:For each policy, ConfigurePreprocessors calls StreamPolicyInitTcp calls StreamTcpPolicyInit. The structure allocated in ConfigurePreprocessors is added onto the config->policy_list and freed when snort exits. However, if a config reload occurs (as when snort receives a SIGHUP signal), a new StreamTcpPolicy is allocated (for each policy), but the previous one isn't freed. The StreamTcpPolicy structure is approx 2MB so memory gets eaten up quickly with numerous config reloads. The Is this a known issue? -------------------------------------------------------------------------- ---- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Memory leak -- StreamPolicyInitTcp Jon Larson (Apr 18)
- Re: Memory leak -- StreamPolicyInitTcp Gaurav Nagare (gnagare) (Apr 19)
- Re: Memory leak -- StreamPolicyInitTcp Jon Larson (Apr 19)
- Re: Memory leak -- StreamPolicyInitTcp Gaurav Nagare (gnagare) (Apr 19)