From owner-svn-src-all@freebsd.org  Sun Mar 11 19:26:35 2018
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AFC10F483FC;
 Sun, 11 Mar 2018 19:26:35 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 609827A51D;
 Sun, 11 Mar 2018 19:26:35 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 40D22216D8;
 Sun, 11 Mar 2018 19:26:35 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2BJQZnk043245;
 Sun, 11 Mar 2018 19:26:35 GMT (envelope-from ae@FreeBSD.org)
Received: (from ae@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2BJQZ0g043244;
 Sun, 11 Mar 2018 19:26:35 GMT (envelope-from ae@FreeBSD.org)
Message-Id: <201803111926.w2BJQZ0g043244@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org
 using -f
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Sun, 11 Mar 2018 19:26:35 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r330781 - head/lib/libipsec
X-SVN-Group: head
X-SVN-Commit-Author: ae
X-SVN-Commit-Paths: head/lib/libipsec
X-SVN-Commit-Revision: 330781
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Mar 2018 19:26:35 -0000

Author: ae
Date: Sun Mar 11 19:26:34 2018
New Revision: 330781
URL: https://svnweb.freebsd.org/changeset/base/330781

Log:
  Update pfkey_open() function to set socket's write buffer size to
  128k and receive buffer size to 2MB. In case if system has bigger
  default values, do not lower them.
  
  This should partially solve the problem, when setkey(8) returns
  EAGAIN error on systems with many SAs or SPs.
  
  PR:		88336
  Obtained from:	NetBSD/ipsec-tools
  MFC after:	2 weeks

Modified:
  head/lib/libipsec/pfkey.c

Modified: head/lib/libipsec/pfkey.c
==============================================================================
--- head/lib/libipsec/pfkey.c	Sun Mar 11 19:22:58 2018	(r330780)
+++ head/lib/libipsec/pfkey.c	Sun Mar 11 19:26:34 2018	(r330781)
@@ -1595,10 +1595,12 @@ pfkey_send_x5(so, type, spid)
  *	others : success and return value of socket.
  */
 int
-pfkey_open()
+pfkey_open(void)
 {
 	int so;
-	const int bufsiz = 128 * 1024;	/*is 128K enough?*/
+	int bufsiz_current, bufsiz_wanted;
+	int ret;
+	socklen_t len;
 
 	if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
 		__ipsec_set_strerror(strerror(errno));
@@ -1609,8 +1611,28 @@ pfkey_open()
 	 * This is a temporary workaround for KAME PR 154.
 	 * Don't really care even if it fails.
 	 */
-	(void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
-	(void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+	/* Try to have 128k. If we have more, do not lower it. */
+	bufsiz_wanted = 128 * 1024;
+	len = sizeof(bufsiz_current);
+	ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF,
+		&bufsiz_current, &len);
+	if ((ret < 0) || (bufsiz_current < bufsiz_wanted))
+		(void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
+			&bufsiz_wanted, sizeof(bufsiz_wanted));
+
+	/* Try to have have at least 2MB. If we have more, do not lower it. */
+	bufsiz_wanted = 2 * 1024 * 1024;
+	len = sizeof(bufsiz_current);
+	ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
+		&bufsiz_current, &len);
+	if (ret < 0)
+		bufsiz_current = 128 * 1024;
+
+	for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) {
+		if (setsockopt(so, SOL_SOCKET, SO_RCVBUF,
+				&bufsiz_wanted, sizeof(bufsiz_wanted)) == 0)
+			break;
+	}
 
 	__ipsec_errcode = EIPSEC_NO_ERROR;
 	return so;