Hi,

Dfa_state_cache does not follow its max size limit, and it can run over this limit quite easily. I am not sure what kind of data are stored in the cache, so I am hesitant to fix the bug. Could you please take a look at it in relation to the file analyzer?

I use bro 2.3-397. In one of the protocol analyzers, I call file_mgr->DataIn() and later file_mgr->EndOfFile(). Valgrind shows that if you run it on traffic with a lot of files to analyze, memory builds up (and is not freed) at this path:

    file_analysis::File::DetectMime() (File.cc:304)
    file_analysis::Manager::DetectMime
    RuleMatcher::Match
    RE_Match_State::Match
    DFa_State::Xtion
    DFA_State::ComputeXtion
    DFA_Machine::StateSetToDFA_State
    DFA_State::DFA_State

Any hint how to fix DFA_State and RE.cc?

Thank you,
Martina
