[Openswan dev] IPComp
paul at xelerance.com
Fri Jul 2 18:57:24 CEST 2004
On Fri, 2 Jul 2004, D. Hugh Redelmeier wrote:
> | I have to say that my VPN head is a small machine with << only >> 64 MB
> | of memory. That's fine for testing such configuration. I'm convinced
> | that with 128MB I'd not see these behaviours.
I am not.
> | WITHOUT compression big packets (> 1000 bytes) can go through the
> | interface (and come back) BUT many memory allocations from pluto failed
> | (lack of memory) and, finally, the tunnel hangs.
> Pluto doesn't see the IPsec packets (for data transmission through
> the tunnel), only the IKE packets (for negotiating the tunnel). So
> IPcomp should not in any way affect the amount of memory Pluto
> A barf would be good. Since I'm not working on *Swan these days, I
> would not be the one to look at it.
He mailed me the barfs seperately. the key line is:
Jul 2 15:57:30 vin pluto: "BRU" #3: ERROR: netlink response for Add SA comp.661a at hhh.hhh.hhh.158 included errno 12: Cannot allocate memory
Jul 2 15:57:30 vin pluto: "BRU" #4: ERROR: netlink response for Add SA comp.661a at hhh.hhh.hhh.158 included errno 12: Cannot allocate memory
The memory usage from the same barf shows:
+ cat /proc/meminfo
MemTotal: 56044 kB
MemFree: 1892 kB
Buffers: 30360 kB
Cached: 7492 kB
SwapCached: 0 kB
Active: 28660 kB
Inactive: 11112 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 56044 kB
LowFree: 1892 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
Mapped: 4388 kB
Slab: 13412 kB
Committed_AS: 5204 kB
PageTables: 220 kB
VmallocTotal: 974768 kB
VmallocUsed: 388 kB
VmallocChunk: 974180 kB
Which looks to me there is plenty of memory available (1892kB plus buffers/cache)
This seems more likely a kernel bug in either the netlink code, or the ipsec
code of the 2.6 kernel, or maybe a bug in how we call the netlink code?
If you want an "easy" way out, I recommend trying to run with a 2.4 kernel
and KLIPS for now, since you are using a standard Pentium-II based PC.
More information about the Dev