[strongSwan-dev] [PATCH] Fix unnecessary dumping of entire routing table.

Oliver oliver.d at prodege.com
Tue Sep 29 02:37:28 CEST 2015

After deploying strongswan on a box with full IPv4 BGP tables, I found that
charon has basically locked up completely and one of the threads was maxxing
out a CPU core.

Upon attaching to the errant thread I discovered it was happening within the
get_route() code for libhydra's netlink plugin. I then noticed that the code
for triggering a full dump of the routing table looked very wrong and was
certainly incongruous with the comment directly below it.

I also note commit 6bd1216e7a8a41eb6c103c27a05f50871e1aef99 which appears to
have wanted to fix the issue without actually fixing it.

Following this message is a patch that, for me at least, fixed the issue. It's
based off of 5.3.3 but it should apply to master just fine since it hasn't been
modified since then.

Oliver (1):
  kernel_netlink_net: Fix erroneous dumping of whole routing table.

 src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)


More information about the Dev mailing list