| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
| |
The kernel uses NLMSG_GOODSIZE as default buffer size, which defaults to
the PAGE_SIZE if it is lower than 8192 or to that value otherwise.
In some cases (e.g. for dump messages) the kernel might use up to 16k
for messages, which might require increasing this value.
|
| |
|
|
|
|
| |
It might equal it and that's fine. With MSG_TRUNC we get the actual
message size and can only report an error if we haven't received the
complete message.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As some backends over unreliable transport do not cache response messages,
retransmissions due the loss of responses perform the operation again. Add an
option to ignore some errors arising from such duplicate operations.
Note: This approach can't distinguish between real EXIST/NOTFOUND errors
and packet failures, and therefore is a source of race conditions and can't
detect any of these errors actually happening. Therefore that behavior is
disabled by default, and can be enabled with the ignore_retransmit_errors
strongswan.conf option.
To properly distinguish between real and retransmission errors, a Netlink
backend should implement retransmission detection using sequence numbers.
|
| |
|
|
|
|
| |
As under vanilla Linux the kernel can't handle parallel dump queries and returns
EBUSY, it makes not much sense to use them. Disable parallel queries by default
to basically restore original behavior, improving performance.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
If the kernel can't execute a Netlink query because a different query is already
active, it returns EBUSY. As this can happen now as we support parallel queries,
retry on this error condition.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of locking the socket exclusively to wait for replies, use watcher
to wait for and read in responses asynchronously. This allows multiple parallel
Netlink queries, which can significantly improve performance if the kernel
Netlink layer has longer latencies and supports parallel queries.
For vanilla Linux, parallel queries don't make much sense, as it usually returns
EBUSY for the relevant dump requests. This requires a retry, and in the end
makes queries more expensive under high load.
Instead of checking the Netlink message sequence number to detect multi-part
messages, this code now relies on the NLM_F_MULTI flag to detect them. This
has previously been avoided (by 1d51abb7). It is unclear if the flag did not
work correctly on very old Linux kernels, or if the flag was not used
appropriately by strongSwan. The flag seems to work just fine back to 2.6.18,
which is a kernel still in use by RedHat/CentOS 5.
|
| |
|
|
|
| |
This avoid the hard dependency on enum names, and makes kernel_netlink_shared
independent of kernel_netlink_ipsec.
|
| | |
|
| | |
|
| |
|
|
|
| |
As we are not interested in the returned address, there is really no need
in passing that argument.
|
| |
|
|
| |
There is really no need for doing so, and it makes the code just unreadable.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
