[Bro] Bro Memory Consumtion
Seth Hall
hall.692 at osu.edu
Wed Mar 24 06:53:36 PDT 2010
On Mar 24, 2010, at 9:38 AM, Powell, Scott wrote:
> Yes, I did include '--enable-brov6' because we are getting ready to
> rollout IPv6 in or perimeter and I was also seeing messages from Bro
> that it was not compiled with IPv6 support (via "broctl diag").
Rebuild Bro without brov6 and int64 for now. Currently when you
enable IPv6, all IP addresses consume 128-bits of memory (even IPv4
addresses!). You can see that this is what's happening by looking at
the line in your prof.log that starts with "Conns:". It indicates
that memory consumed just by connection state is over 3G (3372528K).
There has been talk about changing things around so that IPv4
addresses still only take up 32-bits of memory even when IPv6 is
enabled, but I don't know where those discussions ended and I don't
know how difficult of a change that would be to make. Maybe Robin or
Vern will comment on that? :)
The IPv6 code has not been tested all that well either, so it's also
possible that there are some memory leaks or other bugs lurking that
could lead to high memory use.
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the Bro
mailing list