[strongSwan-dev] Too many interfaces
Martin Willi
martin at strongswan.org
Mon May 18 10:04:01 CEST 2015
Hi Philip,
> using pluto (for legacy reasons) and a very large number of IPs are
> configured
> * exhausting the ifreq[300] array in find_raw_ifaces4();
> * exhausting the RLIMIT_NOFILE (the per-process limit on open files) in
> process_raw_ifaces()/create_socket();
> I wanted to do an enhancement where we add a knob like "pluto.maxifs"
> which would provision the size of ifreq[]
Such a patch probably makes sense. However, we most likely won't release
a new strongSwan 4.x version with pluto, as we focus on the 5.x series
with IKEv1 in charon.
Feel free to share a patch here, some users might appreciate that. But
as there is no new pluto release planned, we most likely won't upstream
it for a release.
> as setting (via setrlimit(RLIMIT_NOFILE)) the number of potential open
> file descriptors in pluto to be maxifs+epsilon
When doing so you should consider replacing/updating any use of select()
in pluto, as fd_set usually has a hard limit for the file descriptor
numbers. For charon we recently did that by using poll() instead of
select().
> I would similarly add such a knob for "charon.maxifs".
While there are probably performance issues with too many interfaces, I
don't think there currently is any hard limit for networking interfaces
in charon.
Regards
Martin
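
The interaction between a raised RLIMIT_NOFILE and select() discussed in this message, as an added C example that is not part of the original e-mail and is not pluto or charon code. The function names are hypothetical and the pipe stands in for a per-interface socket.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* Make the soft RLIMIT_NOFILE at least `want`; 0 on success, -1 if the hard limit forbids it. */
int ensure_nofile(rlim_t want) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur >= want) return 0;
    if (want > rl.rlim_max) return -1;
    rl.rlim_cur = want;
    return setrlimit(RLIMIT_NOFILE, &rl);
}

/* FD_SET() on a descriptor >= FD_SETSIZE writes past the fd_set bitmap,
 * so every descriptor must pass this check before it is handed to select(). */
int fd_fits_select(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* poll() takes descriptor numbers in an array, so it has no FD_SETSIZE ceiling.
 * Returns 1 if readable, 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r = poll(&p, 1, timeout_ms);
    if (r <= 0) return r;
    return (p.revents & POLLIN) ? 1 : -1;
}

/* Constructed scenario: a pipe read end duplicated to a number above FD_SETSIZE,
 * as happens once the limit is raised and many sockets are open.
 * Returns 1 if the descriptor is unusable with select() but readable via poll(),
 * -2 if the hard limit is too low to run the scenario, -1 on other errors. */
int demo_high_fd(void) {
    int pfd[2], high, ok = -1;
    if (ensure_nofile(FD_SETSIZE + 64) != 0) return -2;
    if (pipe(pfd) != 0) return -1;
    high = fcntl(pfd[0], F_DUPFD, FD_SETSIZE + 8);
    if (high >= 0 && write(pfd[1], "x", 1) == 1)
        ok = !fd_fits_select(high) && wait_readable(high, 1000) == 1;
    if (high >= 0) close(high);
    close(pfd[0]); close(pfd[1]);
    return ok;
}

int main(void) {
    printf("FD_SETSIZE=%d demo_high_fd=%d\n", FD_SETSIZE, demo_high_fd());
    return 0;
}
```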