Public bug reported:

The default xfrm4_gc_thresh (and xfrm6_gc_thresh) value is currently 32k, but in systems with > 16 CPUs, this will (eventually) cause failures when ipsec uses too many dst objects. As xfrm doesn't actually manage its dst objects (the flowcache does), this parameter doesn't actually control xfrm dst gc; it only causes failures when exceeded. Thus it should simply be set to INT_MAX.

Upstream commit that fixes this is c386578f1cdb4dac230395a951f88027f64346e3

** Affects: linux (Ubuntu)
   Importance: Undecided
   Assignee: Dan Streetman (ddstreet)
   Status: Incomplete

** Changed in: linux (Ubuntu)
   Assignee: (unassigned) => Dan Streetman (ddstreet)

https://bugs.launchpad.net/bugs/1549332

Title:
  xfrm4_gc_thresh should default to INT_MAX
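
A host-side check for the condition described in this report, as an added example that is not part of the original bug report or the kernel fix. The function names are hypothetical; the paths are the standard sysctl locations under /proc/sys/net, and the 16-CPU cutoff and INT_MAX target are taken from the report.

```shell
#!/bin/sh
# Added example: audit xfrm4_gc_thresh / xfrm6_gc_thresh on an IPsec host.
INT_MAX=2147483647

# xfrm_gc_status THRESH NCPUS
# Prints: ok (already INT_MAX), risk (below INT_MAX with > 16 CPUs),
#         low (below INT_MAX, <= 16 CPUs), invalid (not a number).
xfrm_gc_status() {
    case "$1" in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    if [ "$1" -ge "$INT_MAX" ]; then
        echo ok
    elif [ "$2" -gt 16 ]; then
        echo risk
    else
        echo low
    fi
}

# xfrm_gc_audit [SYSCTL_NET_DIR] [NCPUS]
# Reads both thresholds, prints one line per sysctl, returns 1 if any is "risk".
# Both arguments are overridable so the check can run against a test directory.
xfrm_gc_audit() {
    root=${1:-/proc/sys/net}
    ncpus=${2:-$(getconf _NPROCESSORS_ONLN)}
    rc=0
    for f in ipv4/xfrm4_gc_thresh ipv6/xfrm6_gc_thresh; do
        if [ -r "$root/$f" ]; then
            val=$(cat "$root/$f")
            st=$(xfrm_gc_status "$val" "$ncpus")
        else
            # Missing on kernels without the sysctl or without IPv6 loaded.
            val=-
            st=absent
        fi
        printf '%s value=%s cpus=%s status=%s\n' "$f" "$val" "$ncpus" "$st"
        if [ "$st" = risk ]; then
            rc=1
        fi
    done
    return "$rc"
}
```

Call xfrm_gc_audit with no arguments to check the running system; a non-zero return means at least one threshold is below INT_MAX on a machine with more than 16 CPUs.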