Public bug reported:

Reproduction info:

Set up two LXC containers (although this probably isn't specific to LXC
containers), and inside each set up ipsec with something similar to:

conn nodeN
    aggressive=yes
    authby=secret
    auto=start
    closeaction=restart
    dpdaction=restart
    esp=aes256-aes256gmac-modp1024
    ike=aes256-sha512-modp1024
    keyexchange=ikev2
    left=10.0.3.145
    leftid=10.0.3.145
    lifetime=12h
    reauth=no
    right=10.0.3.199
    type=transport


Then repeatedly open connections to the peer, e.g.:

while true; do ping -c1 10.0.3.199 ; sleep 0.1 ; done

Eventually, the connections will fail with:

connect: No buffer space available

The reproduction can be sped up by reducing the xfrm4_gc_thresh, e.g.:

echo 5 > /proc/sys/net/ipv4/xfrm4_gc_thresh


Once the error occurs, no more connections can be made to the peer (all fail
with no buffer space available); however, after a long period (e.g. overnight)
the buffers will be cleaned up and connections can be made again.

This happens even on the latest net-next kernel.

** Affects: linux (Ubuntu)
     Importance: Undecided
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Changed in: linux (Ubuntu)
     Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: linux (Ubuntu)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1486670

Title:
  using ipsec, many connections result in no buffer space error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1486670/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
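
The reproduction steps from the report above, wrapped as a repeatable check for comparing kernels. This is an added example, not part of the original report or of any Ubuntu or kernel tooling. The names count_until_enobufs, run_with_threshold, GC_THRESH_FILE, PROBE_CMD, PROBE_DELAY and the --run switch are assumptions made for this example; it needs root and the ipsec setup described in the report.

```shell
#!/bin/sh
# Added example: automate the report's reproduction and restore the sysctl afterwards.
# All function/variable names and the --run switch are hypothetical, chosen for this sketch.
GC_THRESH_FILE=${GC_THRESH_FILE:-/proc/sys/net/ipv4/xfrm4_gc_thresh}
PROBE_CMD=${PROBE_CMD:-ping -c1}
ATTEMPTS=0

# Probe PEER up to MAX times. Returns 0 as soon as the error from the report
# appears, 1 if it never does. The number of probes sent is left in $ATTEMPTS.
count_until_enobufs() {
    peer=$1 max=$2
    ATTEMPTS=0
    while [ "$ATTEMPTS" -lt "$max" ]; do
        ATTEMPTS=$((ATTEMPTS + 1))
        out=$($PROBE_CMD "$peer" 2>&1) || true   # a failing probe is expected
        case $out in
            *"No buffer space available"*) return 0 ;;
        esac
        sleep "${PROBE_DELAY:-0.1}"
    done
    return 1
}

# Lower the threshold as the report does, run the probe loop, then write the
# saved value back so the host is not left with the reduced setting.
run_with_threshold() {
    thresh=$1 peer=$2 max=$3
    saved=$(cat "$GC_THRESH_FILE") || return 2
    echo "$thresh" > "$GC_THRESH_FILE" || return 2
    rc=1
    count_until_enobufs "$peer" "$max" && rc=0
    echo "$saved" > "$GC_THRESH_FILE"
    return "$rc"
}

# Usage: sh check.sh --run 10.0.3.199 [max_probes]
# Exit status 1 means the kernel under test still shows the problem.
if [ "${1:-}" = "--run" ]; then
    if run_with_threshold 5 "$2" "${3:-2000}"; then
        echo "reproduced: ENOBUFS after $ATTEMPTS probes"
        exit 1
    fi
    echo "not reproduced in $ATTEMPTS probes"
fi
```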