Bug #217
PFKEY resource problem using 5.0.0
| Status: | Closed | Start date: | 13.08.2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | Tobias Brunner | % Done: | 0% | |
| Category: | libhydra | |||
| Target version: | 5.0.1 | |||
| Affected version: | 5.0.0 | Resolution: | Fixed |
Description
There appears to be a problem using FreeBSD (9.0) with strongswan-5.0.0 due to starter now allocating a PFKEY socket.
Tentative analysis is that PFkey responses are "broadcast" to all PFkey sockets as per PFKEY specs but starter's socket buffers are not being received leading to resource problems.
No problems with strongswan 4.5.3
Associated revisions
Only load kernel plugins in starter when flushing SAD/SPD entries
This avoids keeping the kernel sockets open when they are not actually
needed, which could lead to resource problems (in particular with PF_KEY
where all open sockets receive all messages).
Fixes #217.
History
#1 Updated by Tobias Brunner 9 months ago
- File 0001-Only-load-kernel-plugins-in-starter-when-flushing-SA.patch
added - Status changed from New to Assigned
- Assignee set to Tobias Brunner
- Target version set to 5.0.1
You are right, my attempt to solve this problem (05ca56558) was insufficient. As you correctly state all open PF_KEY sockets receive messages sent by the kernel. An earlier approach was to make starter multi-threaded, thus, enabling it to read from these sockets. Unfortunately, this lead to strange effects on certain systems. Since starter uses the kernel plugins only to flush the kernel's SAD and SPD entries when it shuts down they don't actually need to be loaded during its whole runtime. The attached patch changes starter to do so, i.e. load the plugins only when needed and unload them directly afterwards.
#2 Updated by Tobias Brunner 9 months ago
- Status changed from Assigned to Resolved
- Resolution set to Fixed
#3 Updated by Tobias Brunner 9 months ago
- Status changed from Resolved to Closed