Project

General

Profile

Bug #217

PFKEY resource problem using 5.0.0

Added by Bill Wilson over 7 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Normal
Category:
libhydra
Target version:
Start date:
13.08.2012
Due date:
Estimated time:
Affected version:
5.0.0
Resolution:
Fixed

Description

There appears to be a problem using FreeBSD (9.0) with strongswan-5.0.0 due to starter now allocating a PFKEY socket.
Tentative analysis is that PFkey responses are "broadcast" to all PFkey sockets as per PFKEY specs but starter's socket buffers are not being received leading to resource problems.
No problems with strongswan 4.5.3

Associated revisions

Revision 71b89d67 (diff)
Added by Tobias Brunner about 7 years ago

Only load kernel plugins in starter when flushing SAD/SPD entries

This avoids keeping the kernel sockets open when they are not actually
needed, which could lead to resource problems (in particular with PF_KEY
where all open sockets receive all messages).

Fixes #217.

History

#1 Updated by Tobias Brunner over 7 years ago

You are right, my attempt to solve this problem (05ca56558) was insufficient. As you correctly state all open PF_KEY sockets receive messages sent by the kernel. An earlier approach was to make starter multi-threaded, thus, enabling it to read from these sockets. Unfortunately, this lead to strange effects on certain systems. Since starter uses the kernel plugins only to flush the kernel's SAD and SPD entries when it shuts down they don't actually need to be loaded during its whole runtime. The attached patch changes starter to do so, i.e. load the plugins only when needed and unload them directly afterwards.

#2 Updated by Tobias Brunner about 7 years ago

  • Status changed from Assigned to Resolved
  • Resolution set to Fixed

#3 Updated by Tobias Brunner about 7 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF