[Swan] Thousands of log events per second

Paul Wouters paul at nohats.ca
Wed May 24 20:46:05 EEST 2023


On Wed, 24 May 2023, Ian Willis wrote:

> I'm seeing a huge number of these events in the journalctl log, about 20000 per second on Rocky Linux 8,
> libreswan-4.5-1.el8_7.1.x86_64
> 
> This is the only host which uses TCP rather than UDP. When using UDP, on occasion the host (right side) won't connect as it appears
> to be identified as another host. (Another issue for later)
> 
> "connection from X.X.X.X:28007: IKETCP ENABLED: socket 14: 0 byte packet indicates EOF"

Can you check (preferably on a host in front of this machine, using
tcpdump) whether the libreswan machine is receiving (small) TCP packets
or whether it is not receiving anything and generating these?

It could be the peer sending TCP packets without real data. Or it could
be a kernel bug generating userland communication.

Alternatively, try a RHEL9 based kernel that I think might have better
ESPinTCP support.

Paul
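
To put numbers on the flood alongside the tcpdump check suggested above, the following added example (not part of the original thread and not libreswan code) counts the quoted EOF message per second and per peer/socket from journal text on stdin. The journal prefix layout, the `ipsec` unit name in the comment and the sample lines are assumptions constructed for illustration.

```python
import re
import sys
from collections import Counter

# Matches the message quoted in the thread. The "Mon DD HH:MM:SS host pluto[pid]:"
# prefix is an assumed `journalctl -o short` layout.
EOF_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+pluto\[\d+\]:.*?"
    r"connection from (?P<peer>\S+?):(?P<port>\d+): IKETCP ENABLED: "
    r"socket (?P<fd>\d+): 0 byte packet indicates EOF"
)

def summarize(lines):
    """Return (events per second, events per (peer, port, socket))."""
    per_second, per_conn = Counter(), Counter()
    for line in lines:
        m = EOF_RE.match(line)
        if not m:
            continue  # unrelated journal line
        per_second[m["ts"]] += 1
        per_conn[(m["peer"], int(m["port"]), int(m["fd"]))] += 1
    return per_second, per_conn

def single_connection_share(per_conn):
    """Fraction of all EOF events that come from the busiest connection."""
    total = sum(per_conn.values())
    return max(per_conn.values()) / total if total else 0.0

# Constructed sample lines (documentation addresses, hypothetical host name).
PREFIX = "May 24 20:00:0%d vpn1 pluto[1234]: "
MSG = "connection from %s: IKETCP ENABLED: socket %d: 0 byte packet indicates EOF"
SAMPLE = (
    [PREFIX % 1 + MSG % ("192.0.2.10:28007", 14)] * 3
    + [PREFIX % 2 + MSG % ("192.0.2.10:28007", 14)] * 2
    + [PREFIX % 2 + MSG % ("192.0.2.20:40000", 15)]
    + ["May 24 20:00:02 vpn1 sshd[99]: unrelated line"]
)

if __name__ == "__main__":
    # Assumed usage: journalctl -u ipsec -o short | python3 eof_rate.py
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    per_second, per_conn = summarize(source)
    if per_second:
        print("peak events/second:", max(per_second.values()))
    for conn, n in per_conn.most_common(5):
        print(n, conn)
    print("busiest connection share: %.2f" % single_connection_share(per_conn))
```

A share close to 1.0 means nearly all of the events are logged for one TCP connection and socket; comparing the per-second counts with the packet rate in the capture shows whether the log rate tracks packets actually received.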

