On 16/12/2019 11.37, Heikki Vatiainen wrote:
On 29/11/2019 11.57, Jan Tomasek wrote:
I'm running Radiator as Czech eduroam proxy. I've about 450 peer RADIUS
servers, mostly (400+) using RadSec. I'm using CRL checking, which is
the main reason for its initial memory footprint but can hardly explain
memory leaks.
It might be useful to see if, for example, CRL files are refreshed on
the file system periodically and this corresponds to process size growth.
I took a closer look at CRL loading and noticed that with a very large
CRL file that is refreshed frequently, time stamp change is enough,
radiusd process size grows quickly. This turned out to be caused by
resources allocated by OpenSSL API not being freed by Radiator once the
CRL file had been processed.
Please go to https://www.open.com.au/radiator/downloads.html and proceed
to downloads. At the bottom of page listing the release packages for
4.24, there is a link to 4.24 patches. The fix to free resources is in
4.24-3.
The fix requires Net::SSLeay 1.46 which covers the most of current
distributions. Notably RHEL/CentOS 6 does unfortunately have
Net::SSLeay::X509_CRL_free() and on those systems the problem remains
and call to the said functions is not attempted.
Please see how it goes and let us know.
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
