[Bro-Dev] #565: Excessive memory usage of SSL analyzer -- topic/gregor/ssl-fix
Bro Tracker
bro at tracker.bro-ids.org
Tue Aug 23 20:14:10 PDT 2011
#565: Excessive memory usage of SSL analyzer -- topic/gregor/ssl-fix
---------------------+------------------------
Reporter: gregor | Owner: robin
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: BETA |
---------------------+------------------------
I've discovered excessive memory usage when running master. After some
digging it appears that the SSL analyzer is causing it on connections with
content gaps. At first I suspected a memory leak but it appears that it's
in fact not a leak but just excessive usage while the connection remains
established. Since there are some very long-lived imaps connections, it
actually looks like a leak. (I won't rule out that it might still be a
leak though).
A quick fix that works is to not deliver any more data to the binpac
analyzer after a content gap, which this branch does. However, I think the
root of the problem is either in binpac itself or in the SSL analyzer
since binpac has a NewGap() method....
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/565>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list