[Wireshark-bugs] [Bug 12804] Large SSL/TLS keylog file results in even more memory usage
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12804 Peter Wu changed: What|Removed |Added Resolution|--- |DUPLICATE Status|CONFIRMED |RESOLVED --- Comment #16 from Peter Wu --- The memory usage issue on Windows appears to be solved by the fix for Bug 16059, marking it as duplicate. *** This bug has been marked as a duplicate of bug 16059 *** -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 12804] Large SSL/TLS keylog file results in even more memory usage
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12804 --- Comment #15 from Tomasz Mon --- (In reply to Peter Wu from comment #14) > Tomasz' fix for Bug 16059 might actually address the root cause of this bug. > Tomasz, should I close this bug as a duplicate of the other? > > The key log file is not expected to contain duplicates, so the existing use > of wmem_file_scoped memory seemed fine. If that is somehow changed, then all > users of the returned memory must be audited to avoid use-after-frees when > hashtable entries are overwritten. The key log entires are not the only ones that are subject to duplicates. The fix to 16059 pretty much eliminates the insane amount of duplicate allocations in TLS hash tables. When opening my reference TLS pcapng file (simply captured youtube traffic on my computer), I observed (total) 214 obsolete entries in "Client Random" and "Session ID". -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 12804] Large SSL/TLS keylog file results in even more memory usage
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12804 Peter Wu changed: What|Removed |Added Status|UNCONFIRMED |CONFIRMED Ever confirmed|0 |1 --- Comment #14 from Peter Wu --- Tomasz' fix for Bug 16059 might actually address the root cause of this bug. Tomasz, should I close this bug as a duplicate of the other? The key log file is not expected to contain duplicates, so the existing use of wmem_file_scoped memory seemed fine. If that is somehow changed, then all users of the returned memory must be audited to avoid use-after-frees when hashtable entries are overwritten. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 12804] Large SSL/TLS keylog file results in even more memory usage
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12804 Tomasz Mon changed: What|Removed |Added CC||deso...@gmail.com --- Comment #13 from Tomasz Mon --- (In reply to Patrick from comment #5) > I think it might be loading that once for each ssl packet. This is indeed the case on Windows. This triggers the really high memory usage in hash tables. See 16059 for discussion on the reason why it reloads the file on each ssl packet. The fix to 16059 significantly reduces the impact of underlying root cause of this bug. Simply providing a key/value destory func like: >+static void free_wmem_file_scope(gpointer data) >+{ >+wmem_free(wmem_file_scope(), data); >+} and using it to create hash tables in packet-tls-utils.c like: >mk_map->session = g_hash_table_new_full(ssl_hash, ssl_equal, > free_wmem_file_scope, free_wmem_file_scope); is not solving the issue as the obsolete entries (that were passed to free_wmem_file_scope) are interleaved with other allocations that cannot be freed until the file gets closed. The solution would be to not use the file scope here, but a standard g_malloc()/g_free() and provide g_free as the key and value destory notify to g_hash_table_new_full() (that could be used instead of g_hash_table_new()). -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 12804] Large SSL/TLS keylog file results in even more memory usage
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12804 Peter Wu changed: What|Removed |Added See Also||https://bugs.wireshark.org/ ||bugzilla/show_bug.cgi?id=16 ||059 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 12804] Large SSL/TLS keylog file results in even more memory usage
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12804 Peter Wuchanged: What|Removed |Added CC||byron.ro...@gmail.com --- Comment #12 from Peter Wu --- *** Bug 13019 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 12804] Large SSL/TLS keylog file results in even more memory usage
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12804 Peter Wuchanged: What|Removed |Added Summary|Version 2.0.5 maybe TLS |Large SSL/TLS keylog file |dissector having problems. |results in even more memory |Single packet causes 200MB+ |usage |of memory usage | -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe