[FW1] Re: Firewall-1 Memory Leak
Scott,

There were a couple of changes that were made going to ver 4+. What affected me was the way that the UDP rejects were handled. Below is a snippet from a multitude of emails that I received that seemed to solve the problem. My machine has been up now for 177 days with no reboot and the majority of my swap space is still unused.

> "Jeffrey L. Oliver" wrote:
>> >
>> > I was emailed a tip as follows:
>> >
>> > ***************************
>> > Gentlemen,
>> >
>> > I too suffered long and hard with this problem, sending many dumps to SUN,
>> > talking myself blue in the face to my VAR. Finally, a friend at CKP,
>> > pointed me to a url. They used to have www pages that listed known bugs
>> > and the associated FW version/level along with operating systems. Oh, how
>> > I long for those days, the knowledge base is almost useless in my opinion.
>> > I would much prefer to page through ALL known problems, what is to say I
>> > don't have a problem that I have yet to even find!!!!! But I have rambled
>> > enough.
>> >
>> > This patch worked for me... running FW 4.0 sp1 on Solaris 2.6 with
>> > recommend security patches. The following came directly from a "old" CKP
>> > page. (Remember back up the file before altering, AND, I nor my employer
>> > take no responsibility; just trying to help.)
>> >
>> > 1. Stop Firewall-1 by running $FWDIR/bin/stop.
>> > 2. Edit $FWDIR/conf/objects.C After the line: :props( Add the line:
>> > :udp_reject (false)
>> > 3. Start Firewall-1 by running $FWDIR/bin/fwstart.
>> >
>> > Good luck,

Hope that this helps,

Jeff

"Boomgaardt, Scott" wrote:
>
> Jeff,
>
> I found your post to a mailing list today detailing a problem that I believe
> we are experiencing. I found by looking at a customized ps output ("ps -e
> -o "pcpu pmem vsz rss osz pid user args" | grep alertd") that the alertd
> process is the one eating up memory in 8k chunks as you mentioned in your
> post.
>
> We're currently running FW-1 version 4.1 build 41439 on an E-250 with
> Solaris 7.
>
> Was a resolution found for your problem? I've looked briefly at
> Checkpoint's site with no results.
>
> Thanks for your help!
> Scott
>
> Scott Boomgaardt
> EDS Canada Firewall Team
> London Solution Centre
> 150 Dufferin Ave. Suite 300
> London, ON N6A 5N6
> * phone:
> * mailto:[email protected]
>
> FROM: Jeffrey L. Oliver
> DATE: 07/11/2000 10:28:58
> SUBJECT: RE: [FW1] Solaris machine hangs
>
> Hans,
>
> No, all I have running is the following:
>
> dogbert:/ # ps -ef
>      UID   PID  PPID  C    STIME TTY      TIME CMD
>     root     0     0  0 03:31:09 ?        0:00 sched
>     root     1     0  0 03:31:09 ?        0:00 /etc/init -
>     root     2     0  0 03:31:09 ?        0:00 pageout
>     root     3     0  0 03:31:09 ?        0:00 fsflush
>     root   326   323  0 03:31:56 ?        0:00 /usr/lib/saf/ttymon
>     root   134     1  0 03:31:21 ?        0:00 /etc/fw.boot/fwboot bootd
>     root   323     1  0 03:31:55 ?        0:00 /usr/lib/saf/sac -t 300
>     root   280     1  0 03:31:43 ?        0:01 /usr/sbin/vold
>     root   243     1  0 03:31:41 ?        0:00 /usr/sbin/syslogd
>     root   251     1  0 03:31:42 ?        0:00 /usr/sbin/cron
>     root   257     1  0 03:31:42 ?        0:00 /usr/sbin/nscd
>     root   238     1  0 03:31:41 ?        0:00 /usr/sbin/inetd -s
>     root   395   389  1 08:36:51 pts/0    0:00 -ksh
>     root   324     1  0 03:31:55 console  0:00 /usr/lib/saf/ttymon -g -h -p dogbert console login: -T sun -d
>     root   271     1  0 03:31:43 ?        0:00 /usr/lib/utmpd
>     root   316     1  0 03:31:51 ?        0:00 /opt/CKPfw/bin/snmpd
>     root   315   310  0 03:31:50 ?        0:00 alertd -A -l
>     root   310     1  0 03:31:49 ?        0:02 fwd
>     root   318     1  0 03:31:52 ?        0:01 fwm
>     root   320   310  0 03:31:52 ?        0:01 mdq
>     root   470   395  0 11:25:50 pts/0    0:00 ps -ef
>   oliver   389   387  0 08:36:41 pts/0    0:00 -ksh
>     root   387   238  0 08:36:41 ?        0:00 in.telnetd
> dogbert:/ #
>
> Jeff
>
> Hans Schaechl wrote:
> >
> > Hi Jeff,
> >
> > do you have by any chance Solaris automounter running?
> > Are /etc/rc2.d/S74autofs and files /etc/auto_master etc.
> > in place? If yes, disable the rc-script and/or comment out
> > all lines in /etc/auto_* files.
> > (In case you don't use it ;))
> >
> > Hans
> >
> > At 10:02 11.07.00 -0600, you wrote:
> >
> > >Dieter Gobbers wrote:
> > > >
> > > > On 10-Jul-00 Sujit Choudhury wrote:
> > > > >
> > > > > I have used fw ctl pstat command.
> > > > > It says about 3Mbytes have been allocated into FW-1's kernel memory
> > > > > and most of it is still available.
> > > > > However looking at the way Solaris works, it appears that the size of
> > > > > freelist as found from vmstat and sar -r will appear to shrink to a very
> > > > > small value, determined by lotsfree. In our case we have used the
> > > > > default which is 1/64 of the RAM i.e. 2Mbytes. The problem usually
> > > > > starts when the freelist attains the value of around 2Mbytes.
> > > > > I was wondering whether increasing lotsfree (making it bigger than
> > > > > 3Mbytes) would stop the machine hang. Has it been tried?
> > > > >
> > > > > Sujit
> > > > >
> > > > >
> > > > >> Sujit Choudhury wrote:
> > > > >> >
> > > > >> > We are running Checkpoint FireWall-1 Version 4.0 Build 4094. I have
> > > > >> > applied service pack 4 and 5 to bring it up to the latest build. The
> > > > >> > hardware is Sun Ultra 5/10, with 128Mbytes of memory. The OS is
> > > > >> > Solaris 2.6 with kernel patch 105181-21. I am not running CDE so most
> > > > >> > of the memory is used for running the OS and Firewall.
> > > > >> > In spite of this I am getting system hang on a regular basis. It seems
> > > > >> > from sar output, whenever the free memory drops below a certain figure
> > > > >> > we are then in the danger zone.
> > > > >> > Has anybody come across this thing or any solution for this? We are
> > > > >> > having great difficulty in maintaining our service.
> > > > >> >
> > > > >> > Many thanks
> > > > >> >
> > > > >> > Sujit
> > > > >>
> > > > >> Sujit,
> > > > >>
> > > > >> Just so you don't feel all alone, I also am experiencing this problem.
> > > > >> From my standpoint, it looks like a memory leak. The Sun guys do not
> > > > >> think so.
> > > > >>
> > > > >> I have a Ultra 10 running 2.6, with the jumbo patch installed. The machine
> > > > >> has 128MB ram and 2 quad 10/100 nic's. The console sits not logged in at
> > > > >> the login prompt (not openwin or cde).
> > > > >>
> > > > >> If I use vmstat on the box, I can see that the memory goes away in about
> > > > >> 8k chunks until I start using swap space. It then keeps chunking away
> > > > >> memory until I run out of swap and the machine will hang.
> > > > >>
> > > > >> As yet, I have not found a fix.
> > > > >>
> > > > >> Jeff
> > > >
> > > > Hello,
> > > >
> > > > We have the same problem here at our site, about every week our firewall
> > > > started to slow down and then stopped. We've been unable to use even the
> > > > console...
> > > > I've written a few scripts to watch certain system parameters/conditions which
> > > > reboot the system if the defined limits are exceeded.
> > > > During the "development" of those scripts I've noticed that the available
> > > > memory is decreasing without any sign who is consuming it.
> > > > I always thought that this is caused due to the fact that I cannot install any
> > > > kernel patches on our server (E250/Solaris 2.6 HW3/98)...
> > > >
> > > > I could send you my scripts if you are interested. They don't solve the cause
> > > > of the problem but the ugly effects are minimized.
> > > >
> > > > Greetings,
> > > >
> > > > Dieter Gobbers
> > >
> > >Something to note. I tried this a little while ago and am convinced
> > >that it is not a FW-1 problem, but a OS/HW bug.
> > >
> > >I disabled the FW software from loading (renamed the startup scripts in
> > >the /etc/rcX.d directories) and rebooted the box. Same thing, the machine
> > >lost memory in 8K chunks until it died (no response even on the console).
> > >This makes me think that it is an OS problem???
> > >
> > >I don't know if FW-1 makes modifications to the ethernet drivers when it
> > >installs. If it does, there could be some problem with the mods.
> > >
> > >
> > >Jeff
>
> --
> Sys Admin. It's a dirty job, but someone said I had to do it!
> ------------------------------------------------------------------------
> Jeffrey L. Oliver              Tel:
> Network Analyst                Cell:
> The University of Lethbridge
> 4401 University Drive          email: <EMAIL: PROTECTED>
> Lethbridge, Alberta            www: <http://home.uleth.ca/~jeff.oliver>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> <http://www.checkpoint.com/services/mailing.html>
> ================================================================================

--
Sys Admin. It's a dirty job, but someone said I had to do it!
------------------------------------------------------------------------
Jeffrey L. Oliver              Tel:
Network Analyst                Cell:
The University of Lethbridge
4401 University Drive          email: [email protected]
Lethbridge, Alberta            www: http://home.uleth.ca/~jeff.oliver
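
Added example, not part of the original thread: the diagnosis used above (repeated `ps` snapshots showing alertd growing in 8k steps) turned into an automated check that flags any process whose virtual size only ever grows. The `find_growing` helper, the `SAMPLE VSZ_KB PID ARGS` input layout and the sample sizes are constructed for illustration; only the process names and PIDs are taken from the `ps -ef` listing in the thread.

```shell
#!/bin/sh
# find_growing MIN_KB MIN_STEPS   (hypothetical helper, not from the thread)
# stdin:  lines "SAMPLE VSZ_KB PID ARGS...", one per process per snapshot.
# stdout: "PID GROWTH_KB STEPS ARGS" for each process that never shrank,
#         grew in at least MIN_STEPS snapshots and gained >= MIN_KB overall.
find_growing() {
    awk -v min_kb="$1" -v min_steps="$2" '
    {
        vsz = $2 + 0; pid = $3
        if (!(pid in first)) {
            first[pid] = vsz
            args[pid] = $4
            for (i = 5; i <= NF; i++) args[pid] = args[pid] " " $i
        } else if (vsz > last[pid]) {
            steps[pid]++          # grew since the previous snapshot
        } else if (vsz < last[pid]) {
            shrank[pid] = 1       # memory came back: not a steady leak
        }
        last[pid] = vsz
    }
    END {
        for (pid in first) {
            growth = last[pid] - first[pid]
            if (!(pid in shrank) && steps[pid] + 0 >= min_steps + 0 && growth >= min_kb + 0)
                printf "%s %d %d %s\n", pid, growth, steps[pid], args[pid]
        }
    }' | sort -n
}

# Constructed sample: four snapshots of three processes, sizes in KB.
sample_snapshots() {
    cat <<'EOF'
1 2216 315 alertd -A -l
1 9480 310 fwd
1 1840 243 /usr/sbin/syslogd
2 2224 315 alertd -A -l
2 9480 310 fwd
2 1840 243 /usr/sbin/syslogd
3 2232 315 alertd -A -l
3 9496 310 fwd
3 1840 243 /usr/sbin/syslogd
4 2240 315 alertd -A -l
4 9488 310 fwd
4 1840 243 /usr/sbin/syslogd
EOF
}

# Live collection (assumed loop): prefix each ps snapshot with a counter, e.g.
#   n=0; while sleep 300; do n=$((n+1)); ps -e -o "vsz pid args" | sed "1d;s/^/$n /"; done
sample_snapshots | find_growing 16 3    # prints: 315 24 3 alertd -A -l
```

A process that is still warming up also grows, so the thresholds only become meaningful over snapshots spanning hours or days, the time scale on which the hangs in this thread appeared.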