[PATCH rtems-libbsd] ipsec-tools: Reduce allocated buffer size

Christian MAUDERER christian.mauderer at embedded-brains.de
Thu Feb 24 09:23:12 UTC 2022 

Thanks for the review. I pushed it.

Am 23.02.22 um 06:20 schrieb Chris Johns:
> OK and thanks
> 
> Chris
> 
> On 22/2/22 7:34 pm, Christian Mauderer wrote:
>> By default, pfkey allocates a 2MB buffer that is used for SPD entries.
>> This size is a good choice for a server system where a lot of clients
>> should be handled. But on our embedded systems, an application with that
>> much clients is unlikely and 2MB is a lot of space. So reduce that to
>> the default value of 128kB which should be enough for a small number of
>> ipsec connections.
>>
>> See https://bugzilla.redhat.com/show_bug.cgi?id=607361 for more details
>> why the upstream project originally increased the size.
>>
>> If someone really needs a bigger size, there is a option in the
>> configuration file of pfkey called `pfkey_buffer` that can overwrite
>> this value.
>> ---
>>   ipsec-tools/src/libipsec/pfkey.c | 10 ++++++++++
>>   1 file changed, 10 insertions(+)
>>
>> diff --git a/ipsec-tools/src/libipsec/pfkey.c b/ipsec-tools/src/libipsec/pfkey.c
>> index 385a21a9..cc6ad816 100644
>> --- a/ipsec-tools/src/libipsec/pfkey.c
>> +++ b/ipsec-tools/src/libipsec/pfkey.c
>> @@ -1836,8 +1836,18 @@ pfkey_open(void)
>>   		(void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
>>   			&bufsiz_wanted, sizeof(bufsiz_wanted));
>>   
>> +#ifndef __rtems__
>>   	/* Try to have have at least 2MB. If we have more, do not lower it. */
>>   	bufsiz_wanted = 2 * 1024 * 1024;
>> +#else /* __rtems__ */
>> +	/*
>> +	 * The bufsize_wanted has an influence on the maximum number of SPDs. We
>> +	 * don't really need that much of them on an embedded system. If some
>> +	 * application really needs it, this can be overwritten with the
>> +	 * pfkey_buffer option in the config file.
>> +	 */
>> +	bufsiz_wanted = 128 * 1024;
>> +#endif /* __rtems__ */
>>   	len = sizeof(bufsiz_current);
>>   	ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
>>   		&bufsiz_current, &len);

-- 
--------------------------------------------
embedded brains GmbH
Herr Christian MAUDERER
Dornierstr. 4
82178 Puchheim
Germany
email: christian.mauderer at embedded-brains.de
phone: +49-89-18 94 741 - 18
fax:   +49-89-18 94 741 - 08

Registergericht: Amtsgericht München
Registernummer: HRB 157899
Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler
Unsere Datenschutzerklärung finden Sie hier:
https://embedded-brains.de/datenschutzerklaerung/

More information about the devel mailing list