#4621 closed enhancement (fixed)

libbsd/ipsec: ipsec-tools allocate big buffers

Reported by: Christian Mauderer
Owned by: Christian Mauderer
Priority: normal
Milestone:
Component: network/libbsd
Version:
Severity: minor
Keywords:
Cc:
Blocked By:
Blocking:

Description

By default, pfkey allocates a 2MB buffer that is used for SPD entries.
This size is a good choice for a server system where a lot of clients
should be handled. But on our embedded systems, an application with that
many clients is unlikely and 2MB is a lot of space.

Change History (2)

comment:1 Changed on 02/24/22 at 09:11:57 by Christian Mauderer <christian.mauderer@…>

Resolution: fixed
Status: assigned → closed

In 0b30f38/rtems-libbsd:

ipsec-tools: Reduce allocated buffer size

By default, pfkey allocates a 2MB buffer that is used for SPD entries.
This size is a good choice for a server system where a lot of clients
should be handled. But on our embedded systems, an application with that
many clients is unlikely and 2MB is a lot of space. So reduce that to
the default value of 128kB which should be enough for a small number of
ipsec connections.

See https://bugzilla.redhat.com/show_bug.cgi?id=607361 for more details
why the upstream project originally increased the size.

If someone really needs a bigger size, there is an option in the
configuration file of pfkey called pfkey_buffer that can overwrite
this value.

Closes #4621

comment:2 Changed on 02/24/22 at 09:13:02 by Christian Mauderer <christian.mauderer@…>

In 330f65f9/rtems-libbsd:

ipsec-tools: Reduce allocated buffer size

By default, pfkey allocates a 2MB buffer that is used for SPD entries.
This size is a good choice for a server system where a lot of clients
should be handled. But on our embedded systems, an application with that
many clients is unlikely and 2MB is a lot of space. So reduce that to
the default value of 128kB which should be enough for a small number of
ipsec connections.

See https://bugzilla.redhat.com/show_bug.cgi?id=607361 for more details
why the upstream project originally increased the size.

If someone really needs a bigger size, there is an option in the
configuration file of pfkey called pfkey_buffer that can overwrite
this value.

Closes #4621
