Date: Mon, 19 Feb 2018 14:05:33 +0400
From: Misak Khachatryan <kmisak@gmail.com>
To: Eugene Grosbein <eugen@grosbein.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Racoon and setkey problems
Message-ID: <CABfKv0kR-aesshCF-tEMvU8RwZLC%2BE=S%2BOZFWfjpKQZ_yKZ_YQ@mail.gmail.com>
In-Reply-To: <CABfKv0k-HACh6Bug=UZNQuVgZnTQoa6Bs0Z2Z7piY2nEQACRKw@mail.gmail.com>
References: <CABfKv0mYX2ouQ1k6M2Bd90yp=eQXP6HcHL7%2BdE2AZQ9afQ%2Bc2g@mail.gmail.com> <5A8A97EC.4040103@grosbein.net> <CABfKv0ntGt6TCP7v9xa=MSSZqHwYbZtYtVd6s0gZ-Mbdu2qk5A@mail.gmail.com> <5A8A9B8E.2070400@grosbein.net> <CABfKv0k-HACh6Bug=UZNQuVgZnTQoa6Bs0Z2Z7piY2nEQACRKw@mail.gmail.com>

BTW, restarting racoon produces this output:

# service racoon stop
Stopping racoon.
Waiting for PIDS: 54657.
# setkey -F; setkey -FP
send: No buffer space available
send: No buffer space available
# service racoon start
Starting racoon.

I did ktrace of setkey:

  5499 setkey   CALL  socket(PF_KEY,SOCK_RAW,0x2)
  5499 setkey   RET   socket 3
  5499 setkey   CALL  setsockopt(0x3,SOL_SOCKET,SO_SNDBUF,0x7fffffffebac,0x4)
  5499 setkey   RET   setsockopt 0
  5499 setkey   CALL  setsockopt(0x3,SOL_SOCKET,SO_RCVBUF,0x7fffffffebac,0x4)
  5499 setkey   RET   setsockopt 0
  5499 setkey   CALL  getpid
  5499 setkey   RET   getpid 5499/0x157b
  5499 setkey   CALL  sendto(0x3,0x7fffffffeb78,0x10,0,0,0)
  5499 setkey   RET   sendto -1 errno 55 No buffer space available

and tried to increase net.raw.recvspace & net.raw.sendspace with no luck

Best regards,
Misak Khachatryan

On Mon, Feb 19, 2018 at 1:49 PM, Misak Khachatryan <kmisak@gmail.com> wrote:
> This machine was rebooted a few days ago and immediately it started to
> behave like this,
>
> FreeBSD xxxxxx.net 10.4-RELEASE-p1 FreeBSD 10.4-RELEASE-p1 #0: Mon Oct
> 30 21:13:49 +04 2017 xxxx@xxxxxx.net:/usr/obj/usr/src/sys/RTR
> amd64
>
> It's 64 bit system with 2 MB of memory:
>
> # vmstat
> procs      memory      page                    disks     faults         cpu
> r b w     avm    fre   flt  re  pi  po    fr  sr md0 ad0   in   sy   cs us sy id
> 1 0 0   2145M   716M   384   0   0   0   617 229   0   0 3678 2043 8230  0  1 99
>
> Flushing rules doesn't help, there are 3 IPSEC tunnels in racoon.conf
> overall, IPv4 and IPv6, so 12 rules in setkey.conf
>
> Best regards,
> Misak Khachatryan
>
>
> On Mon, Feb 19, 2018 at 1:40 PM, Eugene Grosbein <eugen@grosbein.net> wrote:
>> 19.02.2018 16:28, Misak Khachatryan wrote:
>>
>>> # vmstat -m | egrep "sec|sah|pol"
>>>   inpcbpolicy    122      4K       -  4955796  32
>>>      secasvar  48558  12140K       -  1572045  256
>>>        sahead      3      1K       -       15  256
>>>   ipsecpolicy    256     64K       -  9911740  256
>>>  ipsecrequest     12      2K       -       48  128
>>>    ipsec-misc 389632  12176K       - 12575976  16,32,64
>>
>> Looking at huge "MemUse" values for secasvar and ipsec-misc,
>> I suspect some kind of memory leak.
>>
>> FreeBSD 11.1 has new IPSEC implementation and you may consider trying new version.
>>
>> Meantime, you can try to flush all IPSEC-related data from the system:
>>
>> service racoon stop
>> setkey -F; setkey -FP
>> service racoon start
>>
>> If that does not help, reboot and start monitoring these numbers for secasvar and ipsec-misc.
>>
>> How many IPSEC tunnels/associations do you have simultaneously?
>> And again, are those systems 32 bit or 64 bit?
>>
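
Added example, not part of the original message or of FreeBSD: one way to do the monitoring suggested in the quoted reply is to save `vmstat -m` output at intervals and compare the MemUse of secasvar and ipsec-misc between two snapshots. The helper name memuse_growth, the 1024 KiB limit and the baseline snapshot are assumptions constructed for illustration; the later snapshot reuses rows posted in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): flag growth of the IPsec malloc types
# between two saved `vmstat -m` snapshots.

# memuse_growth BEFORE AFTER LIMIT_KIB  (hypothetical helper name)
# Prints each watched type whose MemUse grew by more than LIMIT_KIB KiB and
# returns status 1 if any did, 0 otherwise.
memuse_growth() {
    awk -v lim="$3" -v pat='^(secasvar|ipsec-misc)$' '
        # MemUse is the first "<digits>K" field, so a type name that contains
        # spaces still parses. Sets type and kib; returns 1 for a watched row.
        function parse(   i, j) {
            for (i = 2; i <= NF; i++) if ($i ~ /^[0-9]+K$/) break
            if (i > NF || $(i-1) !~ /^[0-9]+$/) return 0    # header or junk
            type = $1
            for (j = 2; j < i - 1; j++) type = type " " $j
            kib = $i; sub(/K$/, "", kib)
            return type ~ pat
        }
        !parse() { next }
        FNR == NR { base[type] = kib; next }                # first file: baseline
        (type in base) && (kib - base[type] > lim) {
            printf "%s grew %d KiB (%d -> %d)\n", type, kib - base[type], base[type], kib
            bad = 1
        }
        END { exit bad + 0 }' "$1" "$2"
}

# Constructed baseline: these values are invented for the example.
sample_before() { cat <<'EOF'
         Type  InUse  MemUse HighUse Requests  Size(s)
     secasvar     24      6K       -       24  256
   ipsec-misc    192      6K       -      192  16,32,64
EOF
}
# Later reading: the secasvar and ipsec-misc rows as posted in the thread.
sample_after() { cat <<'EOF'
         Type  InUse  MemUse HighUse Requests  Size(s)
  inpcbpolicy    122      4K       -  4955796  32
     secasvar  48558  12140K       -  1572045  256
   ipsec-misc 389632  12176K       - 12575976  16,32,64
EOF
}

tmp=$(mktemp -d)
sample_before > "$tmp/before"; sample_after > "$tmp/after"
memuse_growth "$tmp/before" "$tmp/after" 1024 || echo "MemUse grew past the limit: possible leak"
rm -rf "$tmp"
```

On a live system the two input files would be `vmstat -m` output saved at different times, for example right after boot and again some hours later.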