[Bro-Dev] #565: Excessive memory usage of SSL analyzer -- topic/gregor/ssl-fix

Bro Tracker bro at tracker.bro-ids.org
Tue Aug 23 20:14:10 PDT 2011

#565: Excessive memory usage of SSL analyzer -- topic/gregor/ssl-fix
 Reporter:  gregor   |      Owner:  robin
     Type:  Problem  |     Status:  new
 Priority:  Normal   |  Milestone:  Bro1.6
Component:  Bro      |    Version:  git/master
 Keywords:  BETA     |
 I've discovered excessive memory usage when running master. After some
 digging it appears that the SSL analyzer is causing it on connections with
 content gaps. At first I suspected a memory leak but it appears that it's
 in fact not a leak but just excessive usage while the connection remains
 established. Since there are some very long-lived imaps connections, it
 actually looks like a leak. (I won't rule out that it might still be a
 leak though).

 A quick fix that works is to not deliver any more data to the binpac
 analyzer after a content gap, which this branch does. However, I think the
 root of the problem is either in binpac itself or in the SSL analyzer
 since binpac has a NewGap() method....

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/565>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list