Feature #783
kernel-pfkey: recv socket buffer size too small
Description
Hello,
strongSwan 5.2.1, FreeBSD 9.3.
Connection parameters:
conn test
    leftsubnet=9.0.0.0/24
    rightsubnet=172.16.2.248/29,172.16.2.240/29,172.16.2.232/29,172.16.2.224/29,172.16.2.216/29,172.16.2.208/29,172.16.2.200/29,172.16.2.192/29,172.16.2.184/29,172.16.2.176/29
    auto=route
I always get the following errors when charon is initializing:
...
Dec 9 08:51:53 13[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:BLOWFISH_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Dec 9 08:51:53 13[KNL] adding policy 9.0.0.0/24 === 172.16.2.248/29 out
Dec 9 08:51:53 13[KNL] adding policy 172.16.2.248/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] adding policy 9.0.0.0/24 === 172.16.2.240/29 out
Dec 9 08:51:53 13[KNL] adding policy 172.16.2.240/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] adding policy 9.0.0.0/24 === 172.16.2.232/29 out
Dec 9 08:51:53 13[KNL] adding policy 172.16.2.232/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] adding policy 9.0.0.0/24 === 172.16.2.224/29 out
Dec 9 08:51:53 13[KNL] adding policy 172.16.2.224/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] adding policy 9.0.0.0/24 === 172.16.2.216/29 out
Dec 9 08:51:53 13[KNL] error sending to PF_KEY socket: No buffer space available
Dec 9 08:51:53 13[KNL] unable to add policy 9.0.0.0/24 === 172.16.2.216/29 out
Dec 9 08:51:53 13[KNL] adding policy 172.16.2.216/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] error sending to PF_KEY socket: No buffer space available
Dec 9 08:51:53 13[KNL] unable to add policy 172.16.2.216/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[CFG] installing trap failed
Dec 9 08:51:53 13[KNL] deleting policy 9.0.0.0/24 === 172.16.2.248/29 out
Dec 9 08:51:53 13[KNL] error sending to PF_KEY socket: No buffer space available
Dec 9 08:51:53 13[KNL] unable to delete policy 9.0.0.0/24 === 172.16.2.248/29 out
Dec 9 08:51:53 13[KNL] deleting policy 172.16.2.248/29 === 9.0.0.0/24 in
Dec 9 08:51:53 13[KNL] error sending to PF_KEY socket: No buffer space available
Dec 9 08:51:53 13[KNL] unable to delete policy 172.16.2.248/29 === 9.0.0.0/24 in
...
Actually, the default raw socket size is quite small on FreeBSD (8k). Even if a lock prevents the "command" socket from being full, the event socket may be full before we get a chance to read messages on it.
An obvious fix is to change the default size of raw sockets of the system, but it is quite intrusive for other programs. It would be great to have the possibility to change the socket buffer size from the configuration file.
Note that only the receive buffer size of the event socket has to be modified.
Regards,
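The per-socket approach requested above, sketched as an added example (not code from the reporter or from strongSwan): raise SO_RCVBUF on one socket only and read back what the kernel actually granted. The names `ensure_rcvbuf` and `demo_event_socket` are hypothetical, the 64 KiB request is a constructed sample value, and an AF_UNIX datagram socket stands in for the PF_KEY event socket, which needs root to open.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Raise SO_RCVBUF on fd to at least `want` bytes, leaving system-wide
 * defaults untouched. Returns the size the kernel reports afterwards,
 * or -1 on error (errno set). Never shrinks an already larger buffer. */
int ensure_rcvbuf(int fd, int want)
{
    int cur = 0;
    socklen_t len = sizeof(cur);

    if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &cur, &len) < 0)
        return -1;
    if (cur >= want)
        return cur;
    /* FreeBSD rejects a size above kern.ipc.maxsockbuf with ENOBUFS.
     * Linux silently clamps the request to net.core.rmem_max and reports
     * double the value it accepted, so always read the result back. */
    if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &want, sizeof(want)) < 0)
        return -1;
    len = sizeof(cur);
    if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &cur, &len) < 0)
        return -1;
    return cur;
}

/* Stand-in for the event socket (assumption: unprivileged AF_UNIX
 * datagram socket instead of PF_KEY). Returns the granted size or -1. */
int demo_event_socket(int want)
{
    int got, fd = socket(AF_UNIX, SOCK_DGRAM, 0);

    if (fd < 0)
        return -1;
    got = ensure_rcvbuf(fd, want);
    close(fd);
    return got;
}

int main(void)
{
    int want = 64 * 1024; /* constructed sample value */
    int got = demo_event_socket(want);

    if (got < 0)
        perror("SO_RCVBUF");
    else
        printf("requested %d, kernel reports %d%s\n", want, got,
               got < want ? " (clamped by system limit)" : "");
    return got < 0;
}
```

Only the socket that receives kernel events is resized; the command socket and every other raw socket on the host keep the system default.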
Associated revisions
History
#1 Updated by Tobias Brunner almost 6 years ago
- Tracker changed from Issue to Feature
- Category set to libhydra
- Status changed from New to Closed
- Assignee set to Tobias Brunner
- Target version set to 5.3.0
- Resolution set to Fixed
Applied to master with the referenced commit.
kernel-pfkey: Add option to set receive buffer size of event socket
If many requests are sent to the kernel the events generated by these
requests may fill the receive buffer before the daemon is able to read
these messages.
Fixes #783.