[Swan-dev] Fwd: [libreswan/libreswan] Pluto hangs on start up with large open file ulimit (ulimit -n) (#373)
Paul Wouters
paul at nohats.ca
Tue Oct 20 17:39:28 UTC 2020
Begin forwarded message:
> From: "Mark D. Gray" <notifications at github.com>
> Date: October 20, 2020 at 12:05:12 EDT
> To: libreswan/libreswan <libreswan at noreply.github.com>
> Cc: Subscribed <subscribed at noreply.github.com>
> Subject: [libreswan/libreswan] Pluto hangs on start up with large open file ulimit (ulimit -n) (#373)
> Reply-To: libreswan/libreswan <reply+AAW5L6P4APR54X7FG3MOFRN5TLV3FEVBNHHCWQPKIY at reply.github.com>
>
>
> Description
>
> When starting pluto on a machine with a large "open file" ulimit (e.g. ulimit -n 1073741816), pluto is unresponsive for a long time (~30 minutes). This is due to it iterating over potentially open file descriptors at https://github.com/libreswan/libreswan/blob/fcddd2602368639a5fdec67cc740b1b624467fca/programs/pluto/plutomain.c#L1548.
>
> Reproduce
>
> This can be reproduced by running the following commands:
>
> # Shell 1:
> $ ulimit -n 1073741816
> $ /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --logfile /var/log/libreswan.log --nofork &
> # Shell 2:
> $ ipsec status
>
> Output
>
> Expected Output
>
> 000 using kernel interface: netkey
> ..
> ..
> ..
> 000 IPsec SAs: total(0), authenticated(0), anonymous(0)
> 000
> 000 Bare Shunt list:
> 000
> Actual Output
>
> N/A (ipsec status command hangs)
>
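The cost described in the report, as an added example that is not libreswan's code: a descriptor sweep bounded by the open-file limit next to one bounded by the descriptors that are actually open. The function names `close_by_limit` and `close_by_proc` are hypothetical, and using close() as the per-descriptor action is an assumption; the report only says pluto iterates over potentially open descriptors.

```c
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Limit-bounded sweep (assumed shape of the reported loop): one close()
 * per possible descriptor number. Cost is O(limit), so
 * ulimit -n 1073741816 means about 1e9 syscalls at start-up. */
long close_by_limit(int lowfd, long limit)
{
    long attempts = 0;
    for (long fd = lowfd; fd < limit; fd++, attempts++)
        close((int)fd);            /* EBADF for unopened fds is ignored */
    return attempts;
}

/* Bounded alternative (Linux): visit only descriptors that are open,
 * as listed in /proc/self/fd. Returns fds closed, or -1 without /proc. */
long close_by_proc(int lowfd)
{
    DIR *d = opendir("/proc/self/fd");
    if (d == NULL)
        return -1;
    long closed = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0')
            continue;              /* skips "." and ".." */
        if (fd < lowfd || fd == dirfd(d))
            continue;              /* keep low fds and the DIR's own fd */
        if (close((int)fd) == 0)
            closed++;
    }
    closedir(d);
    return closed;
}

int main(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0 || rl.rlim_cur < 3)
        return 1;
    /* Report the cost of each approach instead of running the slow one. */
    printf("limit loop would issue %llu close() calls\n",
           (unsigned long long)rl.rlim_cur - 3);
    printf("/proc walk closed %ld descriptors\n", close_by_proc(3));
    return 0;
}
```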