[strongSwan] Query on multiple instances of Charon daemon

Chinmaya Dwibedy ckdwibedy at yahoo.com
Mon Nov 18 07:34:17 CET 2013


Hi,

We are using two multi-core MIPS64 processors with 16 cnMIPS64 v2 cores (one acts as an IKE initiator and the other as an IKE responder). We are running strongSwan on both systems. Both systems have 1 Gbps Ethernet cards, which are connected to a 1 Gbps L2 switch. Wind River Linux runs on all 16 cores.

As per our architecture, when we start the SE-UM application (i.e., /usr/lib/ipsec/starter or /usr/lib/ipsec/charon) from the command line, main() starts one instance of the Charon application on each of the 16 cores (all the cores running under Linux). fork() is used to create a copy of the process for each SMP core.

The _charon_pid variable (global) is set to zero before creation of the Charon process. The starter checks whether _charon_pid is set to zero or not. If not, it calls starter_start_charon() (src\starter\invokecharon.c) to spawn a child process running the charon program (which resides at /usr/lib/ipsec) and passes a few arguments. Charon (in its main()) calls check_pidfile() (reference in Charon.c (charon) at line 402). This function does the following:
1) Checks whether the charon.pid file exists in the /var/run/ directory, and returns TRUE if already running.
2) If not, creates a charon.pid file (PID of charon) and returns FALSE.

When the first instance of the Charon daemon runs, it will create charon.pid. Hence for subsequent creation of Charon instances (on each core), the aforesaid function will return FALSE. Once it returns FALSE, it calls libcharon_deinit(), libhydra_deinit() and library_deinit() to de-initialize the charon library and the kernel interfaces specific to 'starter' for the kernel, and destroys the "lib" instance of the libstrongswan library. As a result, all the library instances get unloaded from real memory, which will have been created by the first instance of the charon daemon.

Thus we modified the strongSwan code to restrict one instance of starter/charon to run on the first core, but the group of threads (created and managed by strongSwan based upon the configuration settings in the strongswan.conf file), used to process a large number of tasks, will be scheduled and distributed among the 16 cores. Is my understanding correct?

Is it possible to run multiple instances of the Charon daemon on all the cores of a system? If yes, will it have any performance benefits?

Regards,
Chinmaya




