Changeset 0b30f38 in rtems-libbsd


Ignore:
Timestamp:
02/22/22 08:25:36 (8 months ago)
Author:
Christian Mauderer <christian.mauderer@…>
Branches:
master
Children:
769c5b0
Parents:
1b6529e
git-author:
Christian Mauderer <christian.mauderer@…> (02/22/22 08:25:36)
git-committer:
Christian Mauderer <christian.mauderer@…> (02/24/22 09:20:12)
Message:

ipsec-tools: Reduce allocated buffer size

By default, pfkey allocates a 2MB buffer that is used for SPD entries.
This size is a good choice for a server system where a lot of clients
should be handled. But on our embedded systems, an application with that
much clients is unlikely and 2MB is a lot of space. So reduce that to
the default value of 128kB which should be enough for a small number of
ipsec connections.

See https://bugzilla.redhat.com/show_bug.cgi?id=607361 for more details
why the upstream project originally increased the size.

If someone really needs a bigger size, there is a option in the
configuration file of pfkey called pfkey_buffer that can overwrite
this value.

Closes #4621

File:
1 edited

Legend:

Unmodified
Added
Removed
  • ipsec-tools/src/libipsec/pfkey.c

    r1b6529e r0b30f38  
    18371837                        &bufsiz_wanted, sizeof(bufsiz_wanted));
    18381838
     1839#ifndef __rtems__
    18391840        /* Try to have have at least 2MB. If we have more, do not lower it. */
    18401841        bufsiz_wanted = 2 * 1024 * 1024;
     1842#else /* __rtems__ */
     1843        /*
     1844         * The bufsize_wanted has an influence on the maximum number of SPDs. We
     1845         * don't really need that much of them on an embedded system. If some
     1846         * application really needs it, this can be overwritten with the
     1847         * pfkey_buffer option in the config file.
     1848         */
     1849        bufsiz_wanted = 128 * 1024;
     1850#endif /* __rtems__ */
    18411851        len = sizeof(bufsiz_current);
    18421852        ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
Note: See TracChangeset for help on using the changeset viewer.