memory leak with vlan tagged traffic in switch mode

[Florian Schoedel]

Hi,

has anybody a running setup with 2 or more tinc daemons in switch mode which 
transport 8021q tagged traffic?
I am trying to connect two segments with about 4 x 1000 mac addresses 
(distributed on different vlans). I am always running out of memory on one 
side. This happens only on the side where the arp requests come from.
Currently there is no unicast traffic between the sides; only broadcasted 
arp requests.
It looks like tincd reserves memory with each arp request which isn't freed 
afterwards or
tincd builds internal structures for the arp cache, based on the wrong 
information from the ethernet header, when I transport 8021q tagged traffic.

If I change my config from switch to hub mode, everything works fine.
Are there any drawbacks If I use hub mode when there are only two connected 
sites?

Thanks for your help

Florian

-----Original Message-----
From: "Florian Schoedel" <Florian.Schoedel at meteringservice.de>
To: tinc-devel at tinc-vpn.org
Date: Wed, 11 Jun 2014 19:40:45 +0200
Subject: Fwd: memory leak


Hi,
I've observed this strange behaviour for a while in my test environment. It 
looks like that all problems gone away when I switch to "hub-mode" instead 
of switch mode.
Does tinc still work properly in switch mode when I transport vlan tagged 
traffic within that tunnel? In my environment the side, which is receiving 
arp requests from the wired interface, is running out of memory. The other 
side, which receivces the arp requests through the tunnel doesn't run out of 
memory.

Best regards


Florian



-----Original Message-----
From: "Florian Schoedel" <Florian.Schoedel at meteringservice.de>
To: tinc-devel at tinc-vpn.org
Date: Fri, 06 Jun 2014 09:50:33 +0200
Subject: memory leak


Hi,

I am running tinc on alpine linux 2.7.8 in 2 seperate environments. The 
first environment is running for about a month without any problems.
The second environment causes some trouble. It looks like a memory leak on 
the client side.

tincd.conf:

ConnectTo=ServerHost
Device=/dev/net/tun
Mode=switch
Name=ClientHost
PMTUDiscovery = yes
DeviceType=tap
PriorityInheritance = yes
Compression=10

hosts/ServerHost

Address=XXXX
PMTUDiscovery = yes
PriorityInheritance = yes
-----BEGIN RSA PUBLIC KEY-----
XXX
-----END RSA PUBLIC KEY-----



Linux Kernel 3.10.40-0-grsec #1-Alpine SMP Wed May 14 07:59:37 UTC 2014 
x86_64 Linux

apk info tinc
tinc-1.0.23-r1 description: tinc is a Virtual Private Network (VPN) daemon
tinc-1.0.23-r1 webpage: http://www.tinc-vpn.org/
tinc-1.0.23-r1 installed size: 180224

apk info openssl
openssl-1.0.1h-r0 description: Toolkit for SSL v2/v3 and TLS v1
openssl-1.0.1h-r0 webpage: http://openssl.org
openssl-1.0.1h-r0 installed size: 589824

apk info lzo
lzo-2.03-r5 description: LZO -- a real-time data compression library
lzo-2.03-r5 webpage: http://www.oberhumer.com/opensource/lzo
lzo-2.03-r5 installed size: 131072
It doesn't matter if I bypass-security or disable / enable compression.




Can anybody confirm, that tinc is running on alpine linux with this software 
versions?

Thanks a lot


Florian

Thüga MeteringService GmbH, Sitz: Naila, eingetragen beim Amtsgericht in Hof, HRB: 4125
Geschäftsführer: Peter Hornfischer
StNr.: 223/140/10756, geführt beim Finanzamt Hof, USt-ID-Nr.: DE 246359579
Bankverbindung: BayernLB München, BLZ 700 500 00, Konto-Nr. 4113816
Geschäftsadresse Thüga MeteringService GmbH, Zum Kugelfang 2, 95119 Naila


Haftungsausschluss: Diese Nachricht erhält vertrauliche Informationen, welche nur für den Empfänger bestimmt sind. Falls Sie diese Nachricht irrtümlicherweise erhalten haben, 
benachrichtigen Sie uns bitte sofort und vernichten Sie sämtliche Kopien (digital/Papier). Danke.
Disclaimer: The information contained in this message is confidential and may only be used by the intended recipient. If you received it in error, 
please notify us immediately and destroy any copies (digital and paper). Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140612/23b97e4b/attachment.html>