OK and thanks Chris
On 22/2/22 7:34 pm, Christian Mauderer wrote: > By default, pfkey allocates a 2MB buffer that is used for SPD entries. > This size is a good choice for a server system where a lot of clients > should be handled. But on our embedded systems, an application with that > much clients is unlikely and 2MB is a lot of space. So reduce that to > the default value of 128kB which should be enough for a small number of > ipsec connections. > > See https://bugzilla.redhat.com/show_bug.cgi?id=607361 for more details > why the upstream project originally increased the size. > > If someone really needs a bigger size, there is a option in the > configuration file of pfkey called `pfkey_buffer` that can overwrite > this value. > --- > ipsec-tools/src/libipsec/pfkey.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/ipsec-tools/src/libipsec/pfkey.c > b/ipsec-tools/src/libipsec/pfkey.c > index 385a21a9..cc6ad816 100644 > --- a/ipsec-tools/src/libipsec/pfkey.c > +++ b/ipsec-tools/src/libipsec/pfkey.c > @@ -1836,8 +1836,18 @@ pfkey_open(void) > (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, > &bufsiz_wanted, sizeof(bufsiz_wanted)); > > +#ifndef __rtems__ > /* Try to have have at least 2MB. If we have more, do not lower it. */ > bufsiz_wanted = 2 * 1024 * 1024; > +#else /* __rtems__ */ > + /* > + * The bufsize_wanted has an influence on the maximum number of SPDs. We > + * don't really need that much of them on an embedded system. If some > + * application really needs it, this can be overwritten with the > + * pfkey_buffer option in the config file. > + */ > + bufsiz_wanted = 128 * 1024; > +#endif /* __rtems__ */ > len = sizeof(bufsiz_current); > ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF, > &bufsiz_current, &len); _______________________________________________ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel
