[PATCH rtems-libbsd] ipsec-tools: Reduce allocated buffer size
Chris Johns
chrisj at rtems.org
Wed Feb 23 05:20:57 UTC 2022
OK and thanks
Chris
On 22/2/22 7:34 pm, Christian Mauderer wrote:
> By default, pfkey allocates a 2MB buffer that is used for SPD entries.
> This size is a good choice for a server system where a lot of clients
> should be handled. But on our embedded systems, an application with that
> much clients is unlikely and 2MB is a lot of space. So reduce that to
> the default value of 128kB which should be enough for a small number of
> ipsec connections.
>
> See https://bugzilla.redhat.com/show_bug.cgi?id=607361 for more details
> why the upstream project originally increased the size.
>
> If someone really needs a bigger size, there is a option in the
> configuration file of pfkey called `pfkey_buffer` that can overwrite
> this value.
> ---
> ipsec-tools/src/libipsec/pfkey.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/ipsec-tools/src/libipsec/pfkey.c b/ipsec-tools/src/libipsec/pfkey.c
> index 385a21a9..cc6ad816 100644
> --- a/ipsec-tools/src/libipsec/pfkey.c
> +++ b/ipsec-tools/src/libipsec/pfkey.c
> @@ -1836,8 +1836,18 @@ pfkey_open(void)
> (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
> &bufsiz_wanted, sizeof(bufsiz_wanted));
>
> +#ifndef __rtems__
> /* Try to have have at least 2MB. If we have more, do not lower it. */
> bufsiz_wanted = 2 * 1024 * 1024;
> +#else /* __rtems__ */
> + /*
> + * The bufsize_wanted has an influence on the maximum number of SPDs. We
> + * don't really need that much of them on an embedded system. If some
> + * application really needs it, this can be overwritten with the
> + * pfkey_buffer option in the config file.
> + */
> + bufsiz_wanted = 128 * 1024;
> +#endif /* __rtems__ */
> len = sizeof(bufsiz_current);
> ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
> &bufsiz_current, &len);
More information about the devel
mailing list