FortiGate
lol
Staff
Article Id 254074
Description This article describes how to detect and resolve a wad memory leak in object ssl.fts.str.fstr_buffer_bytes.
Scope FortiOS 7.0.8, 7.0.9.
Solution

The wad process has a memory leak on FortiOS 7.0.8 and 7.0.9 in the object ssl.fts.str.fstr_buffer_bytes.

The issue occurs when processing SSL/TLS traffic.

 

To confirm that the device matches this issue, show the memory usage of the user-space processes:

 

# diagnose sys top-mem 99
wad (17503): 1238519kB <----- 1209,49 MB.
wad (17502): 623328kB
wad (17504): 605840kB
...

 

Here, the wad process with process ID (PID) 17503 has allocated about 1200 MB.

 

Verify that these wad processes are of type worker with the following commands:

 

# diagnose debug reset
# diagnose debug enable
# diagnose test app wad 1000
...
Process [6]: type=worker(2) index=4 pid=17502 state=running
Process [7]: type=worker(2) index=5 pid=17503 state=running
Process [8]: type=worker(2) index=6 pid=17504 state=running
...
# diagnose debug disable

 

Confirm that the wad workers leak memory in the object ssl.fts.str.fstr_buffer_bytes:

 

# diagnose wad stats worker | grep fstr_buffer
ssl.fts.str.fstr_buffer now 297596 max 382415 total 451041111
ssl.fts.str.fstr_buffer_bytes 3290818496 <----- 3138,37 MB.

 

Repeat the steps above periodically (i.e. after 30 minutes) to observe whether memory usage increases.
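
When the CLI output of the steps above is saved to text files, the two samples can be compared automatically. The following Python code is an added example, not part of the original article or any Fortinet tooling; the function names, the 50 MB threshold and the second capture are assumptions made for illustration.

```python
import re

# Lines printed by `diagnose wad stats worker | grep fstr_buffer` and `diagnose sys top-mem 99`
BYTES_RE = re.compile(r"^ssl\.fts\.str\.fstr_buffer_bytes\s+(\d+)", re.M)
TOPMEM_RE = re.compile(r"^wad \((\d+)\):\s+(\d+)kB", re.M)

def parse_capture(text):
    """Return (fstr_buffer_bytes, {wad pid: memory in kB}) from saved CLI output."""
    m = BYTES_RE.search(text)
    if m is None:
        raise ValueError("ssl.fts.str.fstr_buffer_bytes not found in capture")
    return int(m.group(1)), {int(p): int(kb) for p, kb in TOPMEM_RE.findall(text)}

def compare(first, second, minutes, min_growth_mb=50):
    """Compare two captures taken `minutes` apart (min_growth_mb is a hypothetical threshold)."""
    bytes1, mem1 = parse_capture(first)
    bytes2, mem2 = parse_capture(second)
    # Assumption: a changed set of wad PIDs means wad was restarted between the
    # captures (for example by the workaround), so the samples are not comparable.
    restarted = set(mem1) != set(mem2)
    growth_mb = (bytes2 - bytes1) / 2**20
    return {
        "restarted": restarted,
        "fstr_growth_mb": round(growth_mb, 2),
        "mb_per_hour": round(growth_mb * 60 / minutes, 2),
        "pid_growth_kb": {p: mem2[p] - mem1[p] for p in mem1 if p in mem2},
        "leak_suspected": not restarted and growth_mb >= min_growth_mb,
    }

# FIRST holds the values shown in the article; SECOND is constructed sample data.
FIRST = """\
wad (17503): 1238519kB
wad (17502): 623328kB
wad (17504): 605840kB
ssl.fts.str.fstr_buffer now 297596 max 382415 total 451041111
ssl.fts.str.fstr_buffer_bytes 3290818496
"""
SECOND = """\
wad (17503): 1279479kB
wad (17502): 654048kB
wad (17504): 636560kB
ssl.fts.str.fstr_buffer now 307100 max 382415 total 451902345
ssl.fts.str.fstr_buffer_bytes 3395676096
"""

if __name__ == "__main__":
    print(compare(FIRST, SECOND, minutes=30))
```

A result with "restarted" set means the wad PIDs differ between the two captures, so the growth figures should be discarded and a fresh pair of samples taken.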

 

Workaround:

As a quick workaround, the wad processes can be restarted with the command:

 

# diag test app wad 99

 

This can be automated via the 'config system auto-script' feature.

 

Solution:

The solution is to upgrade to FortiOS versions 7.0.10, 7.2.4, or above.