[rtems-libbsd commit] ipsec-tools: Reduce allocated buffer size

Christian Mauderer christianm at rtems.org
Thu Feb 24 09:11:54 UTC 2022


Module:    rtems-libbsd
Branch:    master
Commit:    0b30f38951d5f6291e9691ce8eb51a14242e26be
Changeset: http://git.rtems.org/rtems-libbsd/commit/?id=0b30f38951d5f6291e9691ce8eb51a14242e26be

Author:    Christian Mauderer <christian.mauderer at embedded-brains.de>
Date:      Tue Feb 22 09:25:36 2022 +0100

ipsec-tools: Reduce allocated buffer size

By default, pfkey allocates a 2MB buffer that is used for SPD entries.
This size is a good choice for a server system where a lot of clients
should be handled. But on our embedded systems, an application with that
many clients is unlikely and 2MB is a lot of space. So reduce that to
the default value of 128kB which should be enough for a small number of
ipsec connections.

See https://bugzilla.redhat.com/show_bug.cgi?id=607361 for more details
on why the upstream project originally increased the size.

If someone really needs a bigger size, there is an option in the
configuration file of pfkey called `pfkey_buffer` that can overwrite
this value.

Closes #4621

---

 ipsec-tools/src/libipsec/pfkey.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ipsec-tools/src/libipsec/pfkey.c b/ipsec-tools/src/libipsec/pfkey.c
index 385a21a..cc6ad81 100644
--- a/ipsec-tools/src/libipsec/pfkey.c
+++ b/ipsec-tools/src/libipsec/pfkey.c
@@ -1836,8 +1836,18 @@ pfkey_open(void)
 		(void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
 			&bufsiz_wanted, sizeof(bufsiz_wanted));
 
+#ifndef __rtems__
 	/* Try to have have at least 2MB. If we have more, do not lower it. */
 	bufsiz_wanted = 2 * 1024 * 1024;
+#else /* __rtems__ */
+	/*
+	 * The bufsize_wanted has an influence on the maximum number of SPDs. We
+	 * don't really need that much of them on an embedded system. If some
+	 * application really needs it, this can be overwritten with the
+	 * pfkey_buffer option in the config file.
+	 */
+	bufsiz_wanted = 128 * 1024;
+#endif /* __rtems__ */
 	len = sizeof(bufsiz_current);
 	ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
 		&bufsiz_current, &len);
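
Review bot: The new comment in the `__rtems__` branch names `bufsize_wanted`, but the variable assigned right below it is `bufsiz_wanted`, so a search for the real identifier will not find this explanation; please use the exact name. The RTEMS branch also drops the statement that the value is only a lower bound ("If we have more, do not lower it"), which now sits inside `#ifndef __rtems__` only. Since the same `getsockopt(so, SOL_SOCKET, SO_RCVBUF, ...)` check follows for both branches, consider repeating that point in the RTEMS comment and noting there that 128 kB is the default value the commit message refers to, so the reason for the number is recorded in the code and not only in the log.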


