Description of problem:
We are currently seeing a memory leak when the ip_conntrack_ftp module is loaded into the kernel. The leak can be seen in the difference between what /proc/slabinfo and /proc/net/ip_conntrack list as the number of items in their caches. The slabinfo fills up slowly and eventually the machine will report that it.

Version-Release number of selected component (if applicable):
2.4.20-24 and 2.4.20-27 have had this problem.

How reproducible:
100% with a simple ftp firewall

    iptables -i lo -A INPUT -j ACCEPT
    iptables -i eth0 -A INPUT -p icmp -j ACCEPT
    iptables -i eth0 -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -i eth0 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -o eth0 -A OUTPUT -j ACCEPT

Steps to Reproduce:
1. insert firewall
2. ping and do lots of downloads
3. watch box fall over after 7 days.
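The comparison the report describes (objects in /proc/slabinfo versus entries in /proc/net/ip_conntrack), sampled over time so that slow growth becomes visible, as an added example that is not part of the original report. It assumes the slab cache is named ip_conntrack and that the second field of its slabinfo line is the active-object count; the function names and the threshold of 100 are illustrative.

```shell
#!/bin/sh
# Added example: track the gap between conntrack slab objects and listed entries.
# Assumptions: the slab cache is named "ip_conntrack" and field 2 of its
# /proc/slabinfo line is the active-object count.

# slab_active FILE: active ip_conntrack slab objects (0 if the cache is absent)
slab_active() {
    awk '$1 == "ip_conntrack" { n = $2 } END { print n + 0 }' "$1"
}

# table_entries FILE: connections listed in the conntrack table
table_entries() {
    awk 'NF { n++ } END { print n + 0 }' "$1"
}

# conntrack_gap SLABINFO TABLE: objects allocated in the slab but not listed
conntrack_gap() {
    echo $(( $(slab_active "$1") - $(table_entries "$2") ))
}

# gap_trend THRESHOLD GAP...: "leak-suspected" when the gap grew by more than
# THRESHOLD between the first and last sample, otherwise "ok"
gap_trend() {
    threshold=$1; shift
    first=$1
    for last in "$@"; do :; done
    if [ $(( last - first )) -gt "$threshold" ]; then
        echo leak-suspected
    else
        echo ok
    fi
}

# Usage: script --watch [INTERVAL_SECONDS] [SAMPLES]  (reads the live /proc files)
if [ "${1:-}" = "--watch" ]; then
    interval=${2:-3600}; samples=${3:-24}; gaps=""
    i=0
    while [ "$i" -lt "$samples" ]; do
        gap=$(conntrack_gap /proc/slabinfo /proc/net/ip_conntrack)
        echo "$(date) gap=$gap"
        gaps="$gaps $gap"
        i=$((i + 1))
        if [ "$i" -lt "$samples" ]; then sleep "$interval"; fi
    done
    gap_trend 100 $gaps
fi
```

A single snapshot can show a small nonzero gap on a healthy machine, so the trend across samples is the signal to alert on.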
The fix is to not use the patches for netfilter that seem to be in one of the AC patches. I have found that using a 'clean' pom to the source code does not show this problem, and the patch in question was stuck in one of the AC patch-balls. I have been able to replicate it in a RHL 9 kernel so it may still be relevant to Red Hat services currently. It is not replicable in Enterprise 2.1/3 (thankfully).
Thanks for the bug report. However, Red Hat no longer maintains this version of the product. Please upgrade to the latest version and open a new bug if the problem persists. The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, and if you believe this bug is interesting to them, please report the problem in the bug tracker at: http://bugzilla.fedora.us/