testing: Fix route-based/net2net-xfrmi-ike scenario

On newer systems, the upper hard limit for open file descriptors (see
`ulimit -H -n`) was increased from 4096 to 524288.  Due to how python-daemon
closes potentially open file descriptors (basically stores them in a set,
removes those excluded by config, and loops through all of them), the updown
script was either killed immediately (by the OOM killer) or not ready yet
when updown events occurred.
Tobias Brunner 2020-08-25 10:28:58 +02:00
parent 1496991078
commit 210c1e2628
2 changed files with 9 additions and 0 deletions


@ -1,3 +1,4 @@
sun::cat /var/log/daemon.log::charon-updown.*connected to charon-systemd::YES
moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_MOON local-port=4500 local-id=moon.strongswan.org remote-host=PH_IP_SUN remote-port=4500 remote-id=sun.strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.1.0.10/32] remote-ts=\[10.2.0.0/16].*local-ts=\[10.1.0.20/32] remote-ts=\[10.2.0.0/16]::YES
sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_SUN local-port=4500 local-id=sun.strongswan.org remote-host=PH_IP_MOON remote-port=4500 remote-id=moon.strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.10/32].*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.20/32]::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES


@ -6,6 +6,7 @@ import daemon
import logging
from logging.handlers import SysLogHandler
import subprocess
import resource
logger = logging.getLogger('updownLogger')
@ -54,6 +55,13 @@ def install_routes(ike_sa):
subprocess.call(["ip", "route", "add", ts, "dev", ifname_out])
# the hard limit (second number) is the value used by python-daemon when closing
# potentially open file descriptors while daemonizing. since the default is
# 524288 on newer systems, this can take quite a while, and due to how this
# range of FDs is handled internally (as set) it can even trigger the OOM killer
resource.setrlimit(resource.RLIMIT_NOFILE, (256, 256))
# daemonize and run parallel to the IKE daemon
with daemon.DaemonContext():
logger.debug("starting Python updown listener")
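Review bot: The new `resource.setrlimit(resource.RLIMIT_NOFILE, (256, 256))` call fails with `ValueError` when the process's current hard limit is already below 256 and it lacks the privilege to raise it, which would abort the script before `daemon.DaemonContext()` ever runs. Clamping against the current values avoids that: `soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)` followed by `resource.setrlimit(resource.RLIMIT_NOFILE, (min(256, soft), min(256, hard)))`. The comment block above the call could also state that 256 is now the cap on descriptors the listener itself may hold open, since the limit persists past daemonization. The hunk header names `install_routes`, whose body appears to end at the `subprocess.call` line, and the `with daemon.DaemonContext():` block continues past the end of the section.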