Hi Martin,
We have enough RAM available on the Linux server (24 GB) and multiple ethernet
ports. And we need thousands of unique IP addresses, as we also need to
send/receive traffic on each of the established IPSec tunnels with the gateway.
The backtrace of core dump is as below:
#0 0xb78103ce in backtrace_create (skip=2) at utils/backtrace.c:177
#1 0x080544e9 in segv_handler (signal=11) at daemon.c:531
#2 <signal handler called>
#3 element_create (value=0x8144ec0) at utils/linked_list.c:56
#4 0xb780e1a5 in insert_last (this=0xbfffff58, item=0x8144ec0) at
utils/linked_list.c:465
#5 0xb7807e47 in unique_check (list=0xbfffff58, in=0x9978cecc, out=0x9978cf3c)
at crypto/crypto_factory.c:567
#6 0xb780ee7e in enumerate_filter (this=0xbfffffd8, o1=0x9978cf3c,
o2=0x9978cf38, o3=0x9978cf34, o4=0x9978cf30, o5=0x9978cf2c)
at utils/enumerator.c:431
#7 0xb780ee2e in enumerate_filter (this=0xbfffffb8, o1=0x9978cf74, o2=0x2,
o3=0x0, o4=0xc, o5=0xb7816060) at utils/enumerator.c:429
#8 0x0804fea9 in proposal_create_default (protocol=PROTO_IKE) at
config/proposal.c:795
#9 0xb77b0902 in add_proposals (this=<value optimized out>, string=0x0,
ike_cfg=0xbffff9c0, child_cfg=0x0) at stroke_config.c:181
#10 0xb77b15c5 in add (this=0x943b078, msg=0x9978d0f0) at stroke_config.c:238
#11 0xb77afd77 in process (ctx=0x50f53008) at stroke_socket.c:194
#12 0x0805ef4d in execute (this=0xbfff4cc8) at
processing/jobs/callback_job.c:145
#13 0x08060815 in process_jobs (this=0x8142ee8) at processing/processor.c:123
#14 0x4700949b in start_thread () from /lib/libpthread.so.0
#15 0x46f6042e in clone () from /lib/libc.so.6
Thanks,
Munish
-----Original Message-----
From: Martin Willi [mailto:[email protected]]
Sent: 16 April 2012 15:05
To: Munish Dayal
Cc: [email protected]
Subject: RE: [strongSwan-dev] strongswan 4.6.2: charon unstable/crashes when
establishing a lot of connections
Hi,
> The load-tester plugin looks like uses a fixed set of credentials
> (mainly used for stress testing with some sample credentials).
It uses a CA certificate and issues client certificates to use on demand.
Replacing the CA and issuing certificates for your needs should be a trivial
extension. Using your already issued certs requires a little more work, though.
> In our test, we have thousands of terminals simulated in a Linux
> machine running charon, and each terminal or initiator is having a
> unique IP address with a different certificate.
I don't know how you simulate unique IP addresses, but in my experience adding
thousands of IPs to an interface scales very bad on Linux and is not really a
practical solution for load testing.
We don't use different IPs in our plugin, as it is not a factor that influences
setup rate. Using unique IDs is sufficient, unless you need this IP to test the
established IPsec tunnels themselves with traffic.
> Is there a way to fix the Charon crashes/unstability in this scenario,
> or is the load-tester plugin the only way to proceed ?
While your approach doesn't scale well, it shouldn't crash. Have you verified
that you don't run into any memory limit?
Regards
Martin
===============================================================================
Please refer to http://www.aricent.com/legal/email_disclaimer.html
for important disclosures regarding this electronic communication.
===============================================================================
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
