From owner-freebsd-security Mon Jul 15 0:44:18 2002
From: Shoichi Sakane <sakane@kame.net>
To: campbell@neotext.ca
Cc: security@FreeBSD.ORG
Subject: Re: racoon/FreeBSD 4.5 problems & observations
Date: Mon, 15 Jul 2002 16:44:25 +0900
Message-Id: <20020715164425B.sakane@kame.net>
In-Reply-To: <200207100943.g6A9hcA01547@localhost.neotext.ca>

> Then I upgraded (several months or so ago) ww0 to run 4.5. On doing this
> I first found my /var/log/racoon.log would bloat and overrun the
> filesystem (the 110% usage syndrome). So I then linked /var/log/racoon.log
> to /dev/null and ran like that. No good. The racoon task would bloat
> by 4k per packet transmitted across the VPN to the 4.5 node and would
> quickly reach 2, 3 or 4 hundred megabytes in memory usage. Didn't matter
> whether I was setting up for tunnel or transport.
> And it didn't matter
> which version of the racoon task I was using: binaries from 4.3 behaved
> as badly on the 4.5 system as did the latest release. Same with binaries
> I compiled on both systems.

There is no difference in racoon between 4.5 and 4.3. What kind of message did you find in the racoon.log?

I think these messages are related to routing information. racoon watches the routing socket in order to get the addresses which are assigned to interfaces. When racoon gets either RTM_NEWADDR, RTM_DELADDR, RTM_DELETE or RTM_IFINFO, racoon will restart getting the address list. If your routing table changes frequently, racoon dumps plenty of messages into racoon.log. To prevent this, you should define the addresses for racoon to listen on by using the listen directive.
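As an added illustration of the fix suggested above (this is an editor's example, not a configuration from the thread or from the KAME project), here is a racoon.conf `listen` section that pins ISAKMP to explicit addresses instead of letting racoon bind whatever it finds on the interfaces. The addresses 192.0.2.1 and 2001:db8::1 are documentation placeholders standing in for the real VPN endpoint addresses.

```conf
# racoon.conf excerpt (added example, not from the thread).
#
# Without a "listen" section racoon binds every address present on the
# system's interfaces, so each routing-socket message of type RTM_NEWADDR,
# RTM_DELADDR, RTM_DELETE or RTM_IFINFO makes it re-read the address list
# and log the result. On a host whose routing table churns, that is the
# log growth described above.
#
# Pinning ISAKMP to explicit addresses (placeholders 192.0.2.1 and
# 2001:db8::1, to be replaced by the real endpoint addresses) removes the
# need to rescan on every routing-table change. The port in brackets is
# the standard ISAKMP port.
listen {
    isakmp 192.0.2.1 [500];
    isakmp 2001:db8::1 [500];
}
```

Before changing the configuration, it is worth confirming that routing-socket churn is really the trigger: on FreeBSD, `route -n monitor` prints each routing-socket message as the kernel emits it, so a steady stream of RTM_NEWADDR/RTM_DELADDR/RTM_IFINFO events while the VPN carries traffic matches the behaviour described in the reply. After editing racoon.conf, restart racoon and watch both the racoon.log growth rate and the daemon's resident size to verify the change had the intended effect.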