Memory usage climbing

cmb

tcpdump is for the firewall logs, assuming it's running on pflog which it almost certainly is. Whether or not increasing memory usage is something to worry about depends on how it's increasing. If it steadily increases forever, that's an issue. If it stays where it is more or less after it's been up a while, which is typical, then that's fine.

cpthk

It just ate up all my memories: 94% memory, 64% SWAP

last pid: 47724;  load averages:  0.24,  0.32,  0.34  up 35+00:22:37    06:43:58
114 processes: 3 running, 96 sleeping, 15 waiting

Mem: 856M Active, 4316K Inact, 73M Wired, 30M Cache, 52M Buf, 136K Free
Swap: 2048M Total, 1318M Used, 729M Free, 64% Inuse

PID USERNAME PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
  11 root     171 ki31     0K    32K CPU1    1 809.9H 98.19% {idle: cpu1}
  11 root     171 ki31     0K    32K RUN     0 785.4H 90.58% {idle: cpu0}
  19 root      50    -     0K    16K psleep  0 491:41  8.69% pagedaemon
11183 root      65   20  1477M   852M swread  0  59.3H  1.86% tcpdump
   3 root      -8    -     0K    16K -       0   9:14  0.29% g_up
  12 root     -68    -     0K   240K WAIT    1 262:35  0.20% {irq16: dc0 uhci0}
3344 root      70    0   104M  8488K piperd  0   0:07  0.10% php
  12 root     -32    -     0K   240K WAIT    1 307:06  0.00% {swi4: clock}
   0 root     -68    0     0K   112K -       0 119:43  0.00% {em0 taskq}
24300 root      44    0 14776K  1056K select  1  34:59  0.00% syslogd
  14 root      44    -     0K    16K -       1  15:37  0.00% yarrow
11359 root      64   20  5832K   220K piperd  0   7:44  0.00% logger
59743 root      76   20  8292K   324K wait    0   5:08  0.00% sh
29925 root      64   20  5836K   452K select  0   4:14  0.00% apinger
46248 nobody    44    0 10144K  1000K select  1   3:50  0.00% dnsmasq
   4 root      -8    -     0K    16K -       0   2:28  0.00% g_down
  12 root     -64    -     0K   240K WAIT    1   2:19  0.00% {irq19: uhci2 uhc}
  25 root      44    -     0K    16K syncer  1   2:15  0.00% syncer

stephenw10

Hmm, well that seems clearly wrong.

Are you experiencing any problems?

Steve

cpthk

The network is still fine, but when I login to admin dashboard, it is super slow.
This is obviously tcpdump problem. How do I tell which feature uses tcpdump exactly? I wanted to turn it off.

stephenw10

TBH I don't know. However as Chris said above it's used for firewall logging.
Have you changed the logging settings at all?
Do you have a large number of firewall rules?

Steve

cpthk

No, I only added 2 entries other than the default. Do you know how do I disable logging?

stephenw10

You can disable logging by the default block rule in:
Status: System logs: Settings:
I don't know much difference it will make since logging on other rules will still take place. It's worth a try though since it's easy to do.

Steve

jimp

Disabling logging of the default block doesn't disable that process, but it might lighten its load.

From the console or Diag > command, run: killall -9 tcpdump, then go to System > General and press Save, that should give tcpdump a kick and make it release all the memory it was holding.

I added a bit of code in 2.1 today to restart tcpdump from Status > System Logs on the Settings tab when Save is pressed. It was supposed to be restarted from System > General but it appears as though the code/test to match the tcpdump process may be incorrect ( I fixed that too, but I don't think it was matching properly on 2.0.x ).

stephenw10

Any reason it might climb like that though? I've not seen anyone else complaining about it. Some specific circumstance?  :-\

Steve

jimp

I have yet to reproduce it reliably, so I don't know. I've seen it maybe a half dozen times over the years, from 1.2 to 2.x. It's rare, but it does happen.

I don't know if it's due to an especially high/sustained rate of logging or something else that puts it over the edge.