Hi All!

We have been dealing with a memory leak in the kernel for IKEv2 and IPSec connections relating to a memory leak in xfrm support on both el8 and el7. The symptom of this issue is that memory will continue allocating in slab over time making a box oom after too many connections.

As per some external discussions I am sending the patch + bug report on to this list. It has already been accepted into upstream kernels (4.19 included) and is a pretty straight forward backport. I have tested and installed this on a few centos8 systems to validate that this does indeed solve the memory leak issue.

rbz# 1780470

_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.centos.org_mailman_listinfo_centos-2Ddevel&d=DwICAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=OAMtP0DWou0nlXG7Kmxo2enjXJfwb1DXS9fwcaESuTE&m=saKpAELEHCBOI8osWTM5BB10VLb8AkhDrCbaZcDQc4g&s=3S9uaZeqZkMHbLszrGxDeSbeplIPTVHDH9fLr9HGMrc&e= 

-- 
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org