[RADIATOR] memory leaks
Heikki Vatiainen
hvn at open.com.au
Wed Dec 18 08:33:59 UTC 2019
On 16/12/2019 11.37, Heikki Vatiainen wrote:
> On 29/11/2019 11.57, Jan Tomasek wrote:
>> I'm running Radiator as Czech eduroam proxy. I've about 450 peer RADIUS
>> servers, mostly (400+) using RadSec. I'm using CRL checking, which is
>> the main reason for its initial memory footprint but can hardly explain
>> memory leaks.
>
> It might be useful to see if, for example, CRL files are refreshed on
> the file system periodically and this corresponds to process size growth.
I took a closer look at CRL loading and noticed that with a very large
CRL file that is refreshed frequently, time stamp change is enough,
radiusd process size grows quickly. This turned out to be caused by
resources allocated by OpenSSL API not being freed by Radiator once the
CRL file had been processed.
Please go to https://www.open.com.au/radiator/downloads.html and proceed
to downloads. At the bottom of page listing the release packages for
4.24, there is a link to 4.24 patches. The fix to free resources is in
4.24-3.
The fix requires Net::SSLeay 1.46 which covers the most of current
distributions. Notably RHEL/CentOS 6 does unfortunately have
Net::SSLeay::X509_CRL_free() and on those systems the problem remains
and call to the said functions is not attempted.
Please see how it goes and let us know.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
More information about the radiator
mailing list