[strongSwan-dev] Unserviced PFKEY sockets in starter

Tobias Brunner tobias at strongswan.org
Tue May 15 09:02:59 CEST 2012

Hi David,

Thanks for the report.

> Out of interest, what does starter do with these sockets? Should it be
> opening them?

Starter uses the kernel interfaces to flush the SAD and SPD entries in
the kernel when it is terminated.  So it does not actually use the event
sockets registered with the kernel.  The problem is that the thread pool
was not initialized in starter so there are no threads available to
actually read from these sockets.  I changed this in [1] so that events
are now read from the sockets, even if they are currently not used by

By the way, is there a reason you use PF_KEY on Linux?  There are some
limitations in comparison to the Netlink/XFRM kernel interface.


[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=d3590016

More information about the Dev mailing list