Netfilter memory leaks

We used iptables to filter traffic to userspace and used libnetfilter_queue to get the traffic, and simply issued a verdict without any processing of the packets. We found memory leaks.
Then we built a kernel module to filter traffic to queue 0, with libnetfilter_queue used to do the same. We still found memory leaks.
We also ran another test: in the kernel module, we do some condition checks on all the packets and, whether they pass or not, simply "return NF_ACCEPT". In this test, libnetfilter_queue is not involved. We still found memory leaks. Without the kernel module, there are no memory leaks.
The leaks are found after running for hours. Based on the test results, we think it is related to netfilter. Did we miss something or do something incorrectly? Is there any other replacement for netfilter?
We ran the tests on a Newifi D2 router with openwrt-18.06.4.
Thanks in advance for your help in resolving the issue.

Well if you manage to find that netfilter is leaking... then report this to them... memory leaks are pretty bad so this should be top priority for them.

Thanks for your advice and quick response. I sent a bug report to netfilter.org yesterday. No response yet.