Hi,
I ask a friend of mine to find the leak, and this is the patch. The
author is Edvin Torok, and the license is the same of pound.
We try it and it works, at least for 64 bit architecture.
bye,
patrizio
--- orig/Pound-2.6e/svc.c 2011-04-25 12:10:45.000000000 +0300
+++ new/Pound-2.6e/svc.c 2011-06-12 10:32:21.438922904 +0300
@@ -1433,13 +1433,14 @@
#include "dh512.h"
#include "dh1024.h"
+static DH *DH512_params, *DH1024_params;
+
DH *
DH_tmp_callback(/* not used */SSL *s, /* not used */int is_export, int
keylength)
{
- if(keylength == 512)
- return get_dh512();
- else
- return get_dh1024();
+ /* OpenSSL doesn't free the returned DH (it dups it), so
+ * don't return a new DH each time here! */
+ return keylength == 512 ? DH512_params : DH1024_params;
}
static time_t last_RSA, last_rescale, last_alive, last_expire;
@@ -1471,6 +1472,9 @@
/* pthread_mutex_init() always returns 0 */
pthread_mutex_init(&RSA_mut, NULL);
+ DH512_params = get_dh512();
+ DH1024_params = get_dh1024();
+
return;
}
On 07/06/2011 00:19, Patrizio Tassone - Stardata s.r.l. wrote:
> Hi,
>
> we're benchmarking our web infrastructure (pound + several nginx) with
> 300 and more concurrent clients, over 30M hit a day.
>
> Our servers are 1-socket 4-core cpu with 12 GB RAM: Pound starts with
> 1.2 GB virt memory and increase more and more and allocate all the
> memory in a day.
>
> We try the 2.5 (even with the svc fix found on the mailing list), but
> nothing happens, so we switch to the 2.6 tree.
>
> Our configuration is pretty simple:
>
>> ## check backend every X secs:
>> Alive 5
>>
>> # Main listening ports
>> ListenHTTP
>> Address 10.1.20.201
>> Port 80
>> Client 1000
>>
>>
>> # Image server
>> Service
>> URL ".*.(jpg|gif|png)"
>> BackEnd
>> Address 127.0.0.1
>> Port 80
>> Timeout 30
>> End
>> End
>>
>>
>> Service
>> HeadRequire "xxx.stardata.it"
>> Redirect "https://xxx.stardata.it";
>> End
>>
>>
>> End
>>
>> # SSL section
>> ListenHTTPS
>> Address 10.1.20.201
>> Port 443
>> # Cert "/etc/pound/ssl/www.stardata.lan.pem"
>> Cert "/etc/pound/ssl/www.stardata.com.pem"
>> Client 1500
>>
>> Service
>> BackEnd
>> Address 127.0.0.1
>> Port 80
>> Timeout 30
>> End
>> End
>> End
>>
>
> at 127.0.0.1:80 is listening haproxy.
>
> We're using a 5.6 centos distro, x86_64, without google perftools, and
> we compiled pound with gcc 4.1.2 (we fix configure in order to compile
> the 2.6e version).
>
> Can anyone tell us what is wrong?
>
> Thanks in advance,
>
> Patrizio
>
>
>
>
>
> --
> To unsubscribe send an email with subject unsubscribe to [email protected].
> Please contact [email protected] for questions.
>
--
Patrizio Tassone Tel. +39 0521 / 46.35.96
Founder & Editor in Chief Fax +39 0521 / 185.27.46
Linux&C. - LinuxPratico - H&C. Cell +39 348 / 60.31.999
Founder StarData s.r.l. [email protected]
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
