Hi Philip, > using pluto (for legacy reasons) and a very large number of IP's are > configured
> * exhausting the ifreq[300] array in find_raw_ifaces4(); > * exhausting the RLIMIT_NOFILE (the per-process limit on open files) in > process_raw_ifaces()/create_socket(); > I wanted to do an enhancement where we add a knob like "pluto.maxifs" > which would provision the size of ifreq[] Such a patch probably makes sense. However, we most likely won't release a new strongSwan 4.x version with pluto, as we focus on the 5.x series with IKEv1 in charon. Feel free to share a patch here, some users might appreciate that. But as there is no new pluto release planned, we most likely won't upstream it for a release. > as setting (via setrlimit(RLIMIT_NOFILE)) the number of potential open > file descriptors in pluto to be maxifs+epsilon When doing so you should consider replacing/updating any use of select() in pluto, as fd_set usually has a hard limit for the file descriptor numbers. For charon we recently did that by using poll() instead of select(). > I would similarly add such a knob for "charon.maxifs". While there are probably performance issues with too many interfaces, I don't think there currently is any hard limit for networking interfaces in charon. Regards Martin _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
