[Snort-devel] spp_tcp_stream3

william.c.gercken at ...350... william.c.gercken at ...350...
Mon May 14 16:48:24 EDT 2001


Marty, Todd,

I was running the code today and made some modifications to help isolate
the leak. It appears that the major problem (at least on our data) was the
free(sptr) in TcpStream3PruneSession(). Is this free really necessary. It
appears that all data management is now being done in the avl_tree, so
calling the deletenode() function for a given key, should free the memory
that was stored there. Is this a correct assumption?

Seems to be running ok now, although there still may be a "slight" leak
some where. When I started,  the code from CVS would not run for more then
a couple of seconds, currently it has been running for 30+ minutes without
crashing. I can generate some leak_finder logs if you are intrested.
Currently, it is managing around 3000 sessions. (I also had to bump up the
maxdepth to 16, to keep from tossing data.) I will create a patch file and
submit it so that you can review the changes to see if they make any sense.

Regards,
-bill

--
William C. Gercken
Provident Analysis Corporation
Office: (301) 763-5579





More information about the Snort-devel mailing list