[strongSwan-dev] charon deadlock involving three threads
Jan Willem Beusink
beusink at gmail.com
Mon Jan 9 15:29:34 CET 2012
On Dec 29, 2011, at 7:07 PM, Tobias Brunner wrote:
> Hi Jan Willem,
>
> Thanks a lot for the config and test script.
>
> The lock up seen here is not actually a classic deadlock. It is caused
> by too many concurrent calls of "ipsec up". Such calls are synchronous
> and thus make the stroke plugin create jobs which each block a thread
> from the thread pool waiting for the initiated SA to be established. If
> too many of these jobs are created they clog the thread pool and no
> other jobs can be handled (e.g. for incoming packets).
>
> I pushed two commits (see [1] and [2]) which fix this problem by
> limiting the number of concurrently handled stroke commands. The second
> commit adds an option to strongswan.conf that allows you to set the
> number of concurrently handled commands. Depending on the number of
> threads in the thread pool you might want to increase the current
> default of 4.
>
> Regards,
> Tobias
>
> [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8ff513a8
> [2] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=7c0c2349
Hi Tobias,
thank you for supplying the patches. This solved a blocking issue for my Masters thesis experiments. So very, very much appreciated!
After tweaking the right parameters a bit I've managed to verify that the script I sent you now works without deadlock/pool exhaustion.
For those googlers finding this thread useful: Bringing the connections down right/soon after initiation also mitigates this 'bug' it seems.
Kind regards,
Jan Willem Beusink
More information about the Dev
mailing list