I have provided a workaround/possible fix for this issue in the ticket, https://trac.ipsec-tools.net/ticket/333 . Please let me know your comments.

On Thu, Mar 18, 2010 at 10:18 PM, s S <getlaser@gmail.com> wrote:
Hi Yvan,

The fix suggested in https://trac.ipsec-tools.net/ticket/269 does not solve the fd leak that I am getting.

On further analysis it was found that the function yycf_set_buffer() copies fds and file names to the array incstack[incstackp], only using first three indices i.e. 0,1 and 2. Even if we have, say 5 include files in the racoon.conf file the array incstack does not go beyond 2. As a result the entry at index 2 gets overwritten again and again.

As a result the open fds are lost. The function yycf_clean_buffer closes only the fds in the incstack array and the others are left open.

I am yet to find a solution for it, though decrementing incstackp at line#3572 in cftoken.c is found to be related to this issue.

Please let me know your thoughts.

Thanks in advance.


On 3/2/10, s S <getlaser@gmail.com> wrote:
Hi Yvan,
Thanks for the reply.
I came across a similar issue (https://trac.ipsec-tools.net/ticket/269),  guess this is the one that you have mentioned in your reply. I am going to try the fix given for this issue.
Thanks and Regards,

On Fri, Feb 26, 2010 at 9:51 PM, VANHULLEBUS Yvan <vanhu@free.fr> wrote:
On Fri, Feb 26, 2010 at 09:25:14PM +0530, s S wrote:
> Hi,

Kept the mail on @devel only, see below....

> Now the questions are,
> 1. Why Racoon has so many files at open state?

Sounds like a fd leak....

> 2. When will these files get closed?

In next release :-)
If I remember correctly, this is a known issue which have been fixed
in HEAD branch (so which will be in 0.8 release), can someone confirm
that ?

> 3. Is this a bug in Racoon?

Sounds like, yes.

> 4. Are there any other ways to configure racoon without facing this issue?
> Please share your views and help me in solving this issue.

If the fd leak is on file's fd, you can reduce it by generating a
single racoon.conf and stop using includes.... but it will probably
still happen (unless leak is specific to included files in the conf).


Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
Ipsec-tools-devel mailing list