Project

General

Profile

Feature #783

kernel-pfkey: recv socket buffer size too small

Added by Emeric Poupon over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
libhydra
Target version:
Start date:
09.12.2014
Due date:
Estimated time:
Resolution:
Fixed

Description

Hello,

Strongswan 5.2.1, FreeBSD 9.3.
Connection parameters:

conn test
leftsubnet=9.0.0.0/24
rightsubnet=172.16.2.248/29,172.16.2.240/29,172.16.2.232/29,172.16.2.224/29,172.16.2.216/29,172.16.2.208/29,172.16.2.200/29,172.16.2.192/29,172.16.2.184/29,172.16.2.176/29
auto=route

I always get the following errors when charon is initializing:
...
Dec 9 08:51:53 13[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:BLOWFISH_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Dec 9 08:51:53 13[KNL] adding policy 9.0.0.0/24 === 172.16.2.248/29 out
Dec 9 08:51:53 13[KNL] adding policy 172.16.2.248/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] adding policy 9.0.0.0/24 === 172.16.2.240/29 out
Dec 9 08:51:53 13[KNL] adding policy 172.16.2.240/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] adding policy 9.0.0.0/24 === 172.16.2.232/29 out
Dec 9 08:51:53 13[KNL] adding policy 172.16.2.232/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] adding policy 9.0.0.0/24 === 172.16.2.224/29 out
Dec 9 08:51:53 13[KNL] adding policy 172.16.2.224/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] adding policy 9.0.0.0/24 === 172.16.2.216/29 out
Dec 9 08:51:53 13[KNL] error sending to PF_KEY socket: No buffer space available
Dec 9 08:51:53 13[KNL] unable to add policy 9.0.0.0/24 === 172.16.2.216/29 out
Dec 9 08:51:53 13[KNL] adding policy 172.16.2.216/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] error sending to PF_KEY socket: No buffer space available
Dec 9 08:51:53 13[KNL] unable to add policy 172.16.2.216/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[CFG] installing trap failed
Dec 9 08:51:53 13[KNL] deleting policy 9.0.0.0/24 === 172.16.2.248/29 out
Dec 9 08:51:53 13[KNL] error sending to PF_KEY socket: No buffer space available
Dec 9 08:51:53 13[KNL] unable to delete policy 9.0.0.0/24 === 172.16.2.248/29 out
Dec 9 08:51:53 13[KNL] deleting policy 172.16.2.248/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] error sending to PF_KEY socket: No buffer space available
Dec 9 08:51:53 13[KNL] unable to delete policy 172.16.2.248/29 === 9.0.0.0/24 in
...

Actually, the default raw socket size is quite small on FreeBSD (8k). Even if a lock prevents the "command" socket from being full, the event socket may be full before we get a chance to read messages on it.

An obvious fix is to change the default size of raw sockets of the system, but it is quite intrusive for other programs. It would be great to have the possibility to change the socket buffer size from the configuration file.

Note that only the receive buffer size of the event socket has to be modified.

Regards,

patch-kernel-pfkey-socket-events-rcvbuf (941 Bytes) patch-kernel-pfkey-socket-events-rcvbuf fix proposal Emeric Poupon, 09.12.2014 10:57

Associated revisions

Revision 96e61305 (diff)
Added by Tobias Brunner over 5 years ago

kernel-pfkey: Add option to set receive buffer size of event socket

If many requests are sent to the kernel the events generated by these
requests may fill the receive buffer before the daemon is able to read
these messages.

Fixes #783.

History

#1 Updated by Tobias Brunner over 5 years ago

  • Tracker changed from Issue to Feature
  • Category set to libhydra
  • Status changed from New to Closed
  • Assignee set to Tobias Brunner
  • Target version set to 5.3.0
  • Resolution set to Fixed

Applied to master with the referenced commit.

Also available in: Atom PDF