I hacked up some awk to count symkey new/frees in pluto's log (I'll push it and some logging tweaks to make it work tomorrow).
It looks like we're leaking 'skeyseed' from calc_skeyseed_v2(). The code carefully saves it in 'struct pcr_skeycalc_v2_r.skeyseed' but nothing seems to read it :-( On 28 February 2017 at 15:41, Andrew Cagney <[email protected]> wrote: > So they are using the same PRF and DH, good (although I'm still mystified). > > more thinking, > Andrew > > On 28 February 2017 at 13:09, Erik Andersson <[email protected]> wrote: >> * For IKEv2: >> >> IKEv2 algorithm newest: >> AES_CBC_128-AUTH_HMAC_SHA2_256_128-PRF_HMAC_SHA2_256-MODP2048 >> >> ESP algorithm newest: AES_128-HMAC_SHA2_256; pfsgroup=<Phase1> >> >> * For IKEv1: >> >> IKE algorithm newest: AES_CBC_128-SHA2_256-MODP2048 >> >> ESP algorithm newest: AES_128-HMAC_SHA2_256; pfsgroup=<Phase1> >> >> /Erik >> >> >> On 2017-02-28 18:39, Andrew Cagney wrote: >>> >>> On 28 February 2017 at 10:30, Erik Andersson <[email protected]> wrote: >>>> >>>> I can also add that when running with IKEv1 instead of IKEv2 the memory >>>> consumption doesn't seem to grow at all. Or very modest at least. >>> >>> >>> With IKEv1 vs IKEv2 was the negotiated crypto suite the same? >>> >> _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
