[strongSwan-dev] charon deadlock involving three threads
Tobias Brunner
tobias at strongswan.org
Thu Dec 29 19:07:31 CET 2011
Hi Jan Willem,
Thanks a lot for the config and test script.
The lock up seen here is not actually a classic deadlock. It is caused
by too many concurrent calls of "ipsec up". Such calls are synchronous
and thus make the stroke plugin create jobs which each block a thread
from the thread pool waiting for the initiated SA to be established. If
too many of these jobs are created they clog the thread pool and no
other jobs can be handled (e.g. for incoming packets).
I pushed two commits (see [1] and [2]) which fix this problem by
limiting the number of concurrently handled stroke commands. The second
commit adds an option to strongswan.conf that allows you to set the
number of concurrently handled commands. Depending on the number of
threads in the thread pool you might want to increase the current
default of 4.
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8ff513a8
[2] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=7c0c2349
More information about the Dev
mailing list