Netgate SG-1000 microFirewall

Author Topic: Possible tcpdump memory usage issue  (Read 6053 times)

0 Members and 1 Guest are viewing this topic.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21374
  • Karma: +1431/-26
    • View Profile
Possible tcpdump memory usage issue
« on: December 13, 2008, 03:59:26 pm »
Upon logging into a pfSense box upon which I'm testing 1.2.1-RC2, I noticed that the memory usage was a bit high. I logged into the console and checked a bit, and it seems tcpdump is consuming a large amount of memory monitoring the pflog0 interface:

USER     PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root     384  0.0 17.2 180800 177644 con- S    Mon10AM  80:05.90 /usr/sbin/tcpdump -s 256 -v -l -n -e -ttt -i pflog0


This test box has been up for a little over 5 days.

A 1.2-RELEASE box that has been up for 155 days shows much lower memory usage for the same process:
USER     PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root   26486  0.0  4.7 12588 11564  ??  S    10Aug08  14:52.95 /usr/sbin/tcpdump -v -l -n -e -ttt -i pflog0


Furthermore, the memory usage is growing on the 1.2.1-RC2 box, albeit very slowly. About 5 minutes prior to that first ps output, it was 179776/177396.

What factors could be affecting the memory usage of tcpdump in this case? Would installed packages be a factor, or is that process solely for log collection purposes?

Or could this be a bug in tcpdump/FreeBSD/pfSense?
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21374
  • Karma: +1431/-26
    • View Profile
Re: Possible tcpdump memory usage issue
« Reply #1 on: December 18, 2008, 10:25:32 am »
After upgrading to 1.2.1-RC3 on Monday, and letting it run a few days, the problem appears to be gone.


USER     PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root     386  0.0  0.2  5696  1960 con- S    Mon12PM   0:05.94 /usr/sbin/tcpdump -s 256 -v -l -n -e -ttt


I'm still not sure what may have caused the symptoms I saw in my original post. Something sure made tcpdump chew through a lot of CPU time and memory in less than a week, but as long as it doesn't happen again it was probably a fluke or a side effect of the testing I had done.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!