After deploying strongswan on a box with full IPv4 BGP tables, I found that charon has basically locked up completely and one of the threads was maxxing out a CPU core.
Upon attaching to the errant thread I discovered it was happening within the get_route() code for libhydra's netlink plugin. I then noticed that the code for triggering a full dump of the routing table looked very wrong and was certainly incongruous with the comment directly below it. I also note commit 6bd1216e7a8a41eb6c103c27a05f50871e1aef99 which appears to have wanted to fix the issue without actually fixing it. Following this message is a patch that, for me at least, fixed the issue. It's based off of 5.3.3 but it should apply to master just fine since it hasn't been modified since then. Oliver (1): kernel_netlink_net: Fix erroneous dumping of whole routing table. src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) -- 2.3.6 _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
