[strongSwan-dev] Unserviced PFKEY sockets in starter

David George dgeorgester at gmail.com
Tue May 15 08:25:29 CEST 2012

Hello all.

I am running strongSwan under Linux using PFKEY sockets. I have
noticed that both starter and charon instantiate sets of PFKEY sockets
by default (with an empty strongswan.conf). In regular operation,
however, starter doesn't seem to service its sockets. As a result of
this the BROADCAST_ALL pfkey responses accumulate in the starter
sockets. Over time this leads to a constant increase in memory use
and, I guess, with a creative imagination could lead to out-of-memory
issue running long term. I currently disable starter plugins to get
around this.

Out of interest, what does starter do with these sockets? Should it be
opening them?

I am running a fairly recent git version (Thu May 3 20:48:01 2012
+0200, a71f0f3bdc4)

David George

More information about the Dev mailing list