diff options
author | Christian Mauderer <christian.mauderer@embedded-brains.de> | 2022-02-22 09:25:36 +0100 |
---|---|---|
committer | Christian Mauderer <christian.mauderer@embedded-brains.de> | 2022-02-24 10:20:12 +0100 |
commit | 0b30f38951d5f6291e9691ce8eb51a14242e26be (patch) | |
tree | 635363519b7cf6220bdcda6126635d44ff4f7115 | |
parent | rtems-bsd-program.h: Remove stray ';' (diff) | |
download | rtems-libbsd-0b30f38951d5f6291e9691ce8eb51a14242e26be.tar.bz2 |
ipsec-tools: Reduce allocated buffer size
By default, pfkey allocates a 2MB buffer that is used for SPD entries.
This size is a good choice for a server system where a lot of clients
should be handled. But on our embedded systems, an application with that
much clients is unlikely and 2MB is a lot of space. So reduce that to
the default value of 128kB which should be enough for a small number of
ipsec connections.
See https://bugzilla.redhat.com/show_bug.cgi?id=607361 for more details
why the upstream project originally increased the size.
If someone really needs a bigger size, there is a option in the
configuration file of pfkey called `pfkey_buffer` that can overwrite
this value.
Closes #4621
-rw-r--r-- | ipsec-tools/src/libipsec/pfkey.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ipsec-tools/src/libipsec/pfkey.c b/ipsec-tools/src/libipsec/pfkey.c index 385a21a9..cc6ad816 100644 --- a/ipsec-tools/src/libipsec/pfkey.c +++ b/ipsec-tools/src/libipsec/pfkey.c @@ -1836,8 +1836,18 @@ pfkey_open(void) (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz_wanted, sizeof(bufsiz_wanted)); +#ifndef __rtems__ /* Try to have have at least 2MB. If we have more, do not lower it. */ bufsiz_wanted = 2 * 1024 * 1024; +#else /* __rtems__ */ + /* + * The bufsize_wanted has an influence on the maximum number of SPDs. We + * don't really need that much of them on an embedded system. If some + * application really needs it, this can be overwritten with the + * pfkey_buffer option in the config file. + */ + bufsiz_wanted = 128 * 1024; +#endif /* __rtems__ */ len = sizeof(bufsiz_current); ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz_current, &len); |