Bug ID | 6629735
Synopsis | file descriptor leak causes ipsecconf to core dump with many rules
State | 10-Fix Delivered (Fix available in build)
Category:Subcategory | network:ipsec
Keywords | no-nevada+, no-nv+, rtiq_regression
Responsible Engineer | Paul M Roberts
Reported Against | s10u4_fcs
Duplicate Of |
Introduced In | solaris_9
Commit to Fix | s10u5_09
Fixed In | s10u5_09
Release Fixed | solaris_10u5(s10u5_09), solaris_nevada(snv_79) (Bug ID:2155871)
Related Bugs | 4521087, 6629812, 6629818, 6630212
Submit Date | 14-November-2007
Last Update Date | 13-February-2008
Description | ipsecconf can core dump when loading many rules. The symptom is a core dump when loading more than 124 rules, and the cause is a file descriptor leak. Raising the file descriptor limit with ulimit -n, or loading the rules in batches, avoids the issue.
Work Around |
1. Use ulimit -n to raise the fd limit. This only scales so far.
2. Add rules in batches. The kernel can handle many rules, up to physical memory limits. Rule adds with ipsecconf -a are cumulative.
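Workaround 2 as a script, added here as an example and not part of the bug report: it splits a policy file into batches below the 124-rule symptom threshold and loads each batch with its own `ipsecconf -a` call. It assumes one rule per line and `#` comments; `load_in_batches`, `BATCH_SIZE` and `IPSEC_LOADER` are names made up for this example.

```shell
#!/bin/sh
# Added example, not part of the bug report: batch loader for workaround 2.
# Assumptions (hypothetical names): one rule per line, '#' starts a comment,
# BATCH_SIZE and IPSEC_LOADER are variables invented for this sketch.
# Usage: source this file, then run: load_in_batches <policy-file>

BATCH_SIZE=${BATCH_SIZE:-100}                 # below the 124-rule symptom threshold
IPSEC_LOADER=${IPSEC_LOADER:-"ipsecconf -a"}  # command that loads one batch file

# load_in_batches FILE
# Prints the number of batches loaded. Returns 1 if a batch fails (batches
# already added stay loaded, since adds are cumulative), 2 on setup errors.
load_in_batches() {
    policy=$1
    [ -r "$policy" ] || { echo "cannot read policy file: $policy" >&2; return 2; }
    workdir=$(mktemp -d) || return 2

    # Drop blank and comment-only lines so every line in a batch is one rule.
    awk 'NF && $1 !~ /^#/' "$policy" > "$workdir/rules"

    # Each batch.* file holds at most BATCH_SIZE rules.
    split -l "$BATCH_SIZE" "$workdir/rules" "$workdir/batch."

    loaded=0
    for batch in "$workdir"/batch.*; do
        [ -f "$batch" ] || continue   # empty policy: the glob matched nothing
        # Each batch is a separate loader invocation, as in the workaround.
        if ! $IPSEC_LOADER "$batch" >&2; then
            echo "batch $((loaded + 1)) failed; $loaded batch(es) already added" >&2
            rm -rf "$workdir"
            return 1
        fi
        loaded=$((loaded + 1))
    done

    rm -rf "$workdir"
    echo "$loaded"
}
```

Because a failed batch leaves the earlier batches in place, check the loaded policy before re-running the whole file.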
Comments | N/A