#16 Make pf_key socet buffer size configurable

closed-fixed
Timo Teras
None
5
2009-01-09
2008-10-08
Matthew Krenzer
No

On installations w/ many tunnels the default kernel socket receive buffer size is insufficient. On Linux in particular, if the buffer is not large enough to hold the output of an entire dump or spd dump request, then information is lost/droped which can cause confusion in racoon.

In the latest code there is an attempt to increase this buffer up to 1MB if possible, however even that can be insufficient (specifically we have about 2k tunnels and the buffer can exceed 5mb). So we have to continue tweaking the code on each upgrade.

This patch simply adds an optional parameter to the racoon.conf file to set the buffer size. If the buffer is already larger, it does nothing. If it can't set the buffer to the desired value, it logs a warning message w/ the actual value.

Discussion

  • Timo Teras
    Timo Teras
    2009-01-09

    Something like this was committed to CVS HEAD not long ago.

     
  • Timo Teras
    Timo Teras
    2009-01-09

    • assigned_to: nobody --> fabled80
    • status: open --> closed-fixed
     
  • Timo Teras
    Timo Teras
    2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.