[Swan-dev] Fwd: [libreswan/libreswan] Pluto hangs on start up with large open file ulimit (ulimit -n) (#373)

Paul Wouters paul at nohats.ca
Tue Oct 20 17:39:28 UTC 2020



Sent from my iPhone

Begin forwarded message:

> From: "Mark D. Gray" <notifications at github.com>
> Date: October 20, 2020 at 12:05:12 EDT
> To: libreswan/libreswan <libreswan at noreply.github.com>
> Cc: Subscribed <subscribed at noreply.github.com>
> Subject: [libreswan/libreswan] Pluto hangs on start up with large open file ulimit (ulimit -n) (#373)
> Reply-To: libreswan/libreswan <reply+AAW5L6P4APR54X7FG3MOFRN5TLV3FEVBNHHCWQPKIY at reply.github.com>
> 
> 
> Description
> 
> When starting pluto on a machine with a large "open file" ulimit (e.g ulimit -n 1073741816), pluto is unresponsive for a long time (~30 minutes). This is due to it iterating over potentially open file descriptors at https://github.com/libreswan/libreswan/blob/fcddd2602368639a5fdec67cc740b1b624467fca/programs/pluto/plutomain.c#L1548.
> 
> Reproduce
> 
> This can be reproduced by running the following commands:
> 
> # Shell 1:
> $ ulimit -n 1073741816
> $ /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --logfile /var/log/libreswan.log --nofork &
> # Shell 2:
> $ ipsec status
> Output
> 
> Expected Output
> 
> 000 using kernel interface: netkey
> ..
> ..
> ..
> 000 IPsec SAs: total(0), authenticated(0), anonymous(0)
> 000  
> 000 Bare Shunt list:
> 000  
> Actual Output
> 
> N/A (ipsec status command hangs)
> 
>> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub, or unsubscribe.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20201020/8a2a4b73/attachment.html>


More information about the Swan-dev mailing list