Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 25 Mar 2018 03:50:38 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r331527 - stable/11/lib/libipsec
Message-ID:  <201803250350.w2P3och2067060@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: ae
Date: Sun Mar 25 03:50:38 2018
New Revision: 331527
URL: https://svnweb.freebsd.org/changeset/base/331527

Log:
  MFC r330781:
    Update pfkey_open() function to set socket's write buffer size to
    128k and receive buffer size to 2MB. In case if system has bigger
    default values, do not lower them.
  
    This should partially solve the problem, when setkey(8) returns
    EAGAIN error on systems with many SAs or SPs.
  
    PR:		88336
    Obtained from:	NetBSD/ipsec-tools

Modified:
  stable/11/lib/libipsec/pfkey.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/lib/libipsec/pfkey.c
==============================================================================
--- stable/11/lib/libipsec/pfkey.c	Sun Mar 25 03:45:02 2018	(r331526)
+++ stable/11/lib/libipsec/pfkey.c	Sun Mar 25 03:50:38 2018	(r331527)
@@ -1595,10 +1595,12 @@ pfkey_send_x5(so, type, spid)
  *	others : success and return value of socket.
  */
 int
-pfkey_open()
+pfkey_open(void)
 {
 	int so;
-	const int bufsiz = 128 * 1024;	/*is 128K enough?*/
+	int bufsiz_current, bufsiz_wanted;
+	int ret;
+	socklen_t len;
 
 	if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
 		__ipsec_set_strerror(strerror(errno));
@@ -1609,8 +1611,28 @@ pfkey_open()
 	 * This is a temporary workaround for KAME PR 154.
 	 * Don't really care even if it fails.
 	 */
-	(void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
-	(void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+	/* Try to have 128k. If we have more, do not lower it. */
+	bufsiz_wanted = 128 * 1024;
+	len = sizeof(bufsiz_current);
+	ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF,
+		&bufsiz_current, &len);
+	if ((ret < 0) || (bufsiz_current < bufsiz_wanted))
+		(void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
+			&bufsiz_wanted, sizeof(bufsiz_wanted));
+
+	/* Try to have have at least 2MB. If we have more, do not lower it. */
+	bufsiz_wanted = 2 * 1024 * 1024;
+	len = sizeof(bufsiz_current);
+	ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
+		&bufsiz_current, &len);
+	if (ret < 0)
+		bufsiz_current = 128 * 1024;
+
+	for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) {
+		if (setsockopt(so, SOL_SOCKET, SO_RCVBUF,
+				&bufsiz_wanted, sizeof(bufsiz_wanted)) == 0)
+			break;
+	}
 
 	__ipsec_errcode = EIPSEC_NO_ERROR;
 	return so;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803250350.w2P3och2067060>