Paul,
On 04/28/2015 09:51 PM, Paul Wouters wrote:
We have some leak detective code you can enable.
1) add --leak-detective to the startup argument list of pluto
(in the service file)
2) Let it run until you've seen the process get bigger.
3) nicely shut down pluto
(systemctl stop ipsec.service or ipsec whack --shutdown)
4) Check the logs for "leak" messages
Paul
Here's what I had after about 36 hours.
Apr 30 20:03:48 albuquerque pluto[30192]: leak: 4 * struct event in
event_schedule(), item size: 32
Apr 30 20:03:48 albuquerque pluto[30192]: leak: pluto crypto helpers,
item size: 64
Apr 30 20:03:48 albuquerque pluto[30192]: leak detective found 5 leaks,
total size 96
That doesn't seem like a whole lot to me, and making that 20 times worse
(for 20x the length of time) doesn't seem much worse either. I'll deploy
this to all of my servers and report back in a while.
--Will
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
