Hi Martin,
Thanks for your quick response.
Sorry, I actually make mistake, what I have measured is virtual memory not
physical memory. The following is the result of "top":
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>Mem: 43872K used, 83084K free, 0K shrd, 0K buff, 32992K cached
CPU: 0% usr 0% sys 0% nic 100% idle 0% io 0% irq 0% sirq
Load average: 0.00 0.01 0.05 1/39 451
PID PPID USER STAT VSZ %MEM %CPU COMMAND
451 327 root R 2224 2% 0% top
>>>>420 419 root S 131m 106% 0%
/usr/local/libexec/ipsec/charon
324 1 root S 12140 10% 0% /usr/local/bin/picomon2 36000
319 1 root S 3948 3% 0% /usr/sbin/sshd
327 1 root S 2652 2% 0% -bash
419 1 root S 1948 2% 0% /usr/local/libexec/ipsec/starter
1 0 root S 1876 1% 0% init
315 1 root S 1876 1% 0% /sbin/syslogd
326 1 root S 1744 1% 0% watchdog -T 5 -t 1 /dev/watchdog
257 2 root SWN 0 0% 0% [jffs2_gcd_mtd1]
81 2 root SW 0 0% 0% [pdflush]
6 2 root SW< 0 0% 0% [khelper]
2 0 root SW< 0 0% 0% [kthreadd]
3 2 root SW< 0 0% 0% [ksoftirqd/0]
4 2 root SW< 0 0% 0% [watchdog/0]
5 2 root SW< 0 0% 0% [events/0]
55 2 root SW< 0 0% 0% [kblockd/0]
80 2 root SW 0 0% 0% [pdflush]
82 2 root SW< 0 0% 0% [kswapd0]
124 2 root SW< 0 0% 0% [aio/0]
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
other questions:
1) If the used virtual memory exceed, the following error will be occurred,
is it right?
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
kernel_netlink_shared.c:241:Resource temporarily unavailable-93: received
netlink error
kernel_netlink_ipsec.c:1162:ce5eb232: unable to add SAD entry with SPI
kernel_netlink_shared.c:241:Resource temporarily unavailable-93: received
netlink error
kernel_netlink_ipsec.c:1162:c78f6b82: unable to add SAD entry with SPI
sa/tasks/child_create.c:476:inbound :and :outbound : unable to install IPsec
SA(SAD) in kernel
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2) If I want to reduce the virtual memory usage, I can use the following
method you provided in this letter:
- Disable plugins to a minimum, OpenSSL is huge
- Compile with -Os and without -g
- strip binaries
- use -DDEBUG_LEVEL=1, or even 0
- reduce threads, but make sure to have enough for your plugins.
Depending on your plugins, you'll need at least 8 or so.
>>>>>> it can be set in strongswan.conf file as followed:
Charon
{ threads = 8; ....}
Is it right?
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Best Regards,
David
-----邮件原件-----
发件人: Martin Willi [mailto:[email protected]]
发送时间: 2009年9月18日 16:16
收件人: weiping deng
抄送: 'Andreas Steffen'
主题: Re: How to peel off strongswan code for running in an space-stressed
ARM
Hi David,
> running charon has occupied at most 131M memory space.
Are you sure charon uses 131M resident memory? Such memory consumption
is usual if you are running 15'000 tunnels, but not for a simple set up.
What you have measured is probably virtual memory. We heavily make use
of threads, resulting in more use of virtual memory. But virtual memory
has nothing to do with the use of your physical 48M.
Depending on your plugin configuration, charon uses about 1M to 3M of
resident memory, not more, plus ~8K per established IKE_SA.
> So can you give some advice for how to peel off strongswan code for
> running in this space-stressed ARM.
- Disable plugins to a minimum, OpenSSL is huge
- Compile with -Os and without -g
- strip binaries
- use -DDEBUG_LEVEL=1, or even 0
- reduce threads, but make sure to have enough for your plugins.
Depending on your plugins, you'll need at least 8 or so.
Regards
Martin
PS: Please use the mailing list for non-confidential questions, other
users might be interested in such discussions, too.
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
