[PATCH rtems-libbsd] ipsec-tools: Reduce allocated buffer size

Chris Johns chrisj at rtems.org
Wed Feb 23 05:20:57 UTC 2022


OK and thanks

Chris

On 22/2/22 7:34 pm, Christian Mauderer wrote:
> By default, pfkey allocates a 2MB buffer that is used for SPD entries.
> This size is a good choice for a server system where a lot of clients
> should be handled. But on our embedded systems, an application with that
> much clients is unlikely and 2MB is a lot of space. So reduce that to
> the default value of 128kB which should be enough for a small number of
> ipsec connections.
> 
> See https://bugzilla.redhat.com/show_bug.cgi?id=607361 for more details
> why the upstream project originally increased the size.
> 
> If someone really needs a bigger size, there is a option in the
> configuration file of pfkey called `pfkey_buffer` that can overwrite
> this value.
> ---
>  ipsec-tools/src/libipsec/pfkey.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/ipsec-tools/src/libipsec/pfkey.c b/ipsec-tools/src/libipsec/pfkey.c
> index 385a21a9..cc6ad816 100644
> --- a/ipsec-tools/src/libipsec/pfkey.c
> +++ b/ipsec-tools/src/libipsec/pfkey.c
> @@ -1836,8 +1836,18 @@ pfkey_open(void)
>  		(void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
>  			&bufsiz_wanted, sizeof(bufsiz_wanted));
>  
> +#ifndef __rtems__
>  	/* Try to have have at least 2MB. If we have more, do not lower it. */
>  	bufsiz_wanted = 2 * 1024 * 1024;
> +#else /* __rtems__ */
> +	/*
> +	 * The bufsize_wanted has an influence on the maximum number of SPDs. We
> +	 * don't really need that much of them on an embedded system. If some
> +	 * application really needs it, this can be overwritten with the
> +	 * pfkey_buffer option in the config file.
> +	 */
> +	bufsiz_wanted = 128 * 1024;
> +#endif /* __rtems__ */
>  	len = sizeof(bufsiz_current);
>  	ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
>  		&bufsiz_current, &len);


More information about the devel mailing list