PFKEY resource problem using 5.0.0
There appears to be a problem using FreeBSD (9.0) with strongswan-5.0.0 due to starter now allocating a PFKEY socket.
Tentative analysis is that PFkey responses are "broadcast" to all PFkey sockets as per PFKEY specs, but starter's socket buffers are not being received, leading to resource problems.
No problems with strongswan 4.5.3.
#1 Updated by Tobias Brunner over 8 years ago
- File 0001-Only-load-kernel-plugins-in-starter-when-flushing-SA.patch added
- Status changed from New to Assigned
- Assignee set to Tobias Brunner
- Target version set to 5.0.1
You are right, my attempt to solve this problem (05ca56558) was insufficient. As you correctly state, all open PF_KEY sockets receive messages sent by the kernel. An earlier approach was to make starter multi-threaded, thus enabling it to read from these sockets. Unfortunately, this led to strange effects on certain systems. Since starter uses the kernel plugins only to flush the kernel's SAD and SPD entries when it shuts down, they don't actually need to be loaded during its whole runtime. The attached patch changes starter to do so, i.e. load the plugins only when needed and unload them directly afterwards.
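The short-lived-socket pattern discussed in this thread, as an added example (not strongSwan code and not the attached patch): a PF_KEY socket is opened only for the flush, read until the reply to its own request arrives, and closed, so no idle socket accumulates broadcast messages. The function names `build_flush` and `flush_sad_once` and the 2-second receive timeout are assumptions; run as root, `main` flushes the kernel SAD.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#ifdef __linux__
#include <linux/pfkeyv2.h>
#else
#include <net/pfkeyv2.h>   /* FreeBSD and other BSDs */
#endif

/* Fill in an SADB_FLUSH request; PF_KEY lengths count 64-bit words. */
void build_flush(struct sadb_msg *m, uint32_t seq, uint32_t pid)
{
    memset(m, 0, sizeof(*m));
    m->sadb_msg_version = PF_KEY_V2;
    m->sadb_msg_type = SADB_FLUSH;
    m->sadb_msg_satype = SADB_SATYPE_UNSPEC;
    m->sadb_msg_len = sizeof(*m) / 8;
    m->sadb_msg_seq = seq;
    m->sadb_msg_pid = pid;
}

/* Open, flush, read until our own reply, close. Returns 0 or -1 (errno set). */
int flush_sad_once(void)
{
    struct sadb_msg req;
    union { struct sadb_msg hdr; char raw[4096]; } in;   /* aligned buffer */
    struct timeval tv = { 2, 0 };   /* assumed timeout so read() cannot hang */
    int rc = -1, err = ETIMEDOUT, fd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);

    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    build_flush(&req, 1, (uint32_t)getpid());
    if (write(fd, &req, sizeof(req)) == (ssize_t)sizeof(req)) {
        /* Messages caused by other processes arrive here too; skip them. */
        while (read(fd, &in, sizeof(in)) >= (ssize_t)sizeof(in.hdr)) {
            if (in.hdr.sadb_msg_seq != req.sadb_msg_seq ||
                in.hdr.sadb_msg_pid != req.sadb_msg_pid)
                continue;
            err = in.hdr.sadb_msg_errno;
            rc = err ? -1 : 0;
            break;
        }
    } else {
        err = errno;
    }
    close(fd);   /* nothing stays open to collect unread broadcasts */
    errno = err;
    return rc;
}

int main(void) { return flush_sad_once() == 0 ? 0 : 1; }
```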