[(the other) Ivan took a few days' holiday, so I'm replacing him for this issue.]

Andi, you spotted it: it really was the start of an IP header, and it turns out that these are ESP packets for quite a complicated VPN tunnel we have (re-routing packets from one office to another, with some NAT on top of that). So openswan/ipsec.ko seems to be the problem here; I will file a bug report there. Meanwhile we'll try to set up manual keying and decrypt the encrypted payload to gather more details on the packets.

My apologies, the issue seems to be with an out-of-tree module, but we really didn't think the problem was there (there's no correlation between the leak increase and VPN/IKE traffic). But it was interesting to understand slabs, learn how to set up/use crash, and analyze memory bits :)

Thanks again to all the people who helped!

Ivan Mitev


Andi Kleen wrote:
Nothing that looks like a struct net_device. All the dumped leaked slabs
look the same until "45 20 05 d8" (the ASCII 'E' on the 3rd line).

45 ... is often the start of an IP header (IPv4, 5*4=20 bytes length)

You could dump them to a file (e.g. using a sial script) and then
look at them with tcpdump or similar to get an idea what kinds of packets they are.

-Andi

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
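Added example, not part of the original thread: one way to carry out the "dump them to a file and look at them with tcpdump" step offline, by locating a checksum-valid IPv4 header inside each dumped slab object and writing the packets to a raw-IP pcap. The function names, the 2048-byte object size, the 32-byte offset and the sample addresses are assumptions constructed for illustration; only the leading bytes `45 20 05 d8` come from the thread.

```python
import struct

ESP = 50  # IP protocol number for IPsec ESP

def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a valid header."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def find_ipv4(obj: bytes):
    """Return (offset, protocol, total_len) of the first plausible IPv4 header."""
    for off in range(len(obj) - 19):
        if obj[off] >> 4 != 4:
            continue
        ihl = (obj[off] & 0x0F) * 4
        if ihl < 20 or off + ihl > len(obj):
            continue
        total_len = struct.unpack_from("!H", obj, off + 2)[0]
        if total_len < ihl or off + total_len > len(obj):
            continue
        # A bare 0x45 byte is common in memory; the checksum weeds out false hits.
        if ip_checksum(obj[off:off + ihl]) == 0:
            return off, obj[off + 9], total_len
    return None

def to_pcap(objects) -> bytes:
    """Build a pcap (linktype 101 = raw IP) from packets found in slab objects."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for obj in objects:
        hit = find_ipv4(obj)
        if hit:
            off, _, n = hit
            out += struct.pack("<IIII", 0, 0, n, n) + obj[off:off + n]
    return out

def sample_object() -> bytes:
    """Constructed slab object: 32 filler bytes, then an ESP packet header."""
    hdr = bytearray.fromhex("452005d8" "00004000" "40320000" "c0000201" "c6336402")
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)))
    return (b"\x00" * 32 + bytes(hdr)).ljust(2048, b"\xaa")

if __name__ == "__main__":
    with open("leak.pcap", "wb") as f:   # then: tcpdump -nr leak.pcap
        f.write(to_pcap([sample_object()]))
```
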
