[strongSwan-dev] Too many interfaces
philipp_subx at redfish-solutions.com
Thu May 14 02:12:01 CEST 2015
We have a scenario where we're using pluto (for legacy reasons) and a very large number of IP's are configured on the server (or alternately, the server has a large number of public IPs).
We've run into 2 different problems:
* exhausting the ifreq array in find_raw_ifaces4();
* exhausting the RLIMIT_NOFILE (the per-process limit on open files) in process_raw_ifaces()/create_socket();
I wanted to do an enhancement where we add a knob like "pluto.maxifs" which would provision the size of ifreq (now as a malloc()'d structure, or possibly using getifaddrs()) to the correct size, as well as setting (via setrlimit(RLIMIT_NOFILE)) the number of potential open file descriptors in pluto to be maxifs+epsilon (where epsilon would cover additional file descriptors needed for syslog, stdout, stderr, config files, the control sockets to talk to "ipsec", etc... probably about 20).
I would similarly add such a knob for "charon.maxifs".
And of course we'd upstream the enhancement once we'd tested it in-house.
Does this seem like a reasonable venture?
More information about the Dev