Re: Fwd: Memory exhaust issue with only IPsec policies configuredon continuous traffic

[Eric Dumazet]

On Thu, 2012-05-10 at 10:53 +0530, Nikhil Agarwal wrote:
> Hi All,
> 
> Can you please help on this?

Dont top post please

> 
> -----Original Message-----
> From: Agarwal Nikhil-B38457
> Sent: Wednesday, May 09, 2012 2:53 PM
> To: linux-kernel@xxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx
> Subject: Memory exhaust issue with only IPsec policies configured on
> continuous traffic
> 
> Hi all,
>                In a typical scenario, when IPSEC policies are
> configured in the system but SA is not present or negotiation fails or
> IKE daemon is not running.  The current behavior of xfrm is to send
> those matching packets to blackhole route.  i.e. xfrm_bundle_lookup
> returns a bundle with null route and xfrm_lookup returns a blackhole
> route.
> 
> For each of these packet a dst_alloc is called in
> ipv4_blackhole_route. However when these skbs get free and their dst's
> get discarded using dst_free and the garbage collector is scheduled
> using cancel_delayed_work and schedule_delayed_work.
> 
> If the packets are coming continuously garbage collector may not get
> scheduled and large amount of memory is stuck to be freed causing the
> system to go into non-recoverable state.
> 
> Any ideas?

Yep, we can use DST_NOCACHE


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/