Re: [Ipsec-tools-devel] setkey: do not shrink socket buffers anymore
Brought to you by:
mit_warlord,
netbsd
From: Marcelo L. <mle...@re...> - 2011-10-04 18:14:58
|
Sorry, I emailed a previous version of the patch, that doesn't even compile. Please, refer to this new one. Thanks, Marcelo On 10/04/2011 02:48 PM, Marcelo Leitner wrote: > Hi all, > > I've noticed setkey tool can't use racoon.cfg pfkey_buffer, as it > simply doesn't use that file. But it tries to raise the socket snd/rcv > buffers trying to handle more policies. > > But it ends up shrinking the buffers if you have sysctl > [rw]mem_default values tuned. > > We have a report of setkey tool failing due to small socket buffers > for dumping a big policy database. > > So I suggest using the attached patch. setkey tool will not decrease > the buffers anymore. > > What do you think? Any other ideas? I tried to be low impact on this > change, as probably we will backport it to ipsec-tools-0.6.5. > > Thanks, > Marcelo Leitner. > > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2dcopy1 > > > _______________________________________________ > Ipsec-tools-devel mailing list > Ips...@li... > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel |