The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
VPN connection's records remain in the Global connections table even after the connection expires, causing a memory leak
|
Technical Level
|
Solution ID |
sk155332 |
Technical Level |
|
Product |
IPSec VPN |
Version |
R80.20 (EOL) |
OS |
Gaia |
Platform / Model |
All |
Date Created |
05-Jun-2019
|
Last Modified |
16-Oct-2019
|
Symptoms
- VPN connection's records remain in the Global connections table even after the connection expires, causing a memory leak. The memory leak reaches 90% within 7-10 days.
- Leak report shows the following output:
fw4_0];fw_drv_fini: 136 bytes allocated by 'simi_mem_halloc: simi_callqueue.c:306 (host ppak)' leaked at ffffc20030fb90c8 allocation time 5c5db216
[fw4_0];fw_drv_fini: 568 bytes allocated by 'simi_mem_halloc: esp_crypt.c:373 (host ppak)' leaked at ffffc20044341df8 allocation time 5c504d2d
[fw4_0];FW-1: fw_hmem_stat_report: total unfreed hmem allocations: 730, bytes 99632
[fw4_0];Starting SMEM allocations report
[fw4_0];FW-1: SMEM None logged: smem bytes 0, smem num of allocations 0
[fw4_0];FW-1: Leak in: fwbuf.c:1009: hmem_bytes 192
[fw4_0];FW-1: Leak in: simi_mem_halloc: simi_callqueue.c:306 (host ppak): hmem_bytes 98872
[fw4_0];FW-1: Leak in: simi_mem_halloc: esp_crypt.c:373 (host ppak): hmem_bytes 568
[fw4_0];Ended SMEM allocations report
[fw4_0];FW-1: driver removed
simi_mem_hfree: esp_crypt.c:403 (host ppak): Can't free memory allocated via FW, when FW is gone. ptr=ffffc20044341be8 size=536
Sim: 22 interfaces uninstalled
simi_mem_hfree: simi_callqueue.c:278 (host ppak): Can't free memory allocated via FW, when FW is gone. ptr=ffffc200f70e89b8 size=104
simi_mem_hfree: simi_callqueue.c:278 (host ppak): Can't free memory allocated via FW, when FW is gone. ptr=ffffc20033df1418 size=104
Cause
A significantly large number of gconn records caused the VPN connection's records to remain in the table even after the connection ended\expired.
Solution
|
Note: To view this solution you need to
Sign In
.
|