ntopng/doc/README.leaks_detector.md

## Introduction and Prerequisites

ntopng can be built with the support for the LLVM leaks sanitizer (https://clang.llvm.org/docs/LeakSanitizer.html).
On Ubuntu you can install it with 

```
sudo apt-get install -y clang-10  clang-tools-10
```

## Compilation

Then you need to compile ntopng as follows

```
  cd ~/ntopng
  ./autogen.sh && ./configure --with-sanitizer
  make
```

If you want to use nDPI with leak detection support you need to do

```
  cd ~/nDPI
  ./configure --with-sanitizer
  make
```

## Running

In order to enable the leaks sanitizer, it is necessary to set the `ASAN_OPTIONS=detect_leaks=1`
environment variable, for example with:

```
  sudo ASAN_OPTIONS=detect_leaks=1 LSAN_OPTIONS=verbosity=1 ./ntopng -i enp6s0f1 --dont-change-user
```

it is important to use --dont-change-user as otherwise the leak detection will fail with the following error

```
==32547==LeakSanitizer has encountered a fatal error.
==32547==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
==32547==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
```

## Leak Analysis

In case there are some leaks detected, when killing (nicely) ntopng, a memore leak log (note tht no leaks no log is generated) is produced. The log contains lines as the one below specifying where the memory leak has been encountered:

```
Direct leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x4a175d in malloc (/home/ntop/ntopng/ntopng+0x4a175d)
    #1 0x7f0b3ef0438b in pcap_create_interface /home/ntop/PF_RING/userland/libpcap/./pcap-linux.c:493
    #2 0x6220000041e3  (<unknown module>)
```


## Notes

The leak detector also identifies invalid memory accesses. The performance impact of running the address sanitizer is about
a 2x slowdown (https://clang.llvm.org/docs/AddressSanitizer.html).