+sun::cat /var/log/daemon.log::charon-updown.*connected to charon-systemd::YES
moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_MOON local-port=4500 local-id=moon.strongswan.org remote-host=PH_IP_SUN remote-port=4500 remote-id=sun.strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.1.0.10/32] remote-ts=\[10.2.0.0/16].*local-ts=\[10.1.0.20/32] remote-ts=\[10.2.0.0/16]::YES
sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_SUN local-port=4500 local-id=sun.strongswan.org remote-host=PH_IP_MOON remote-port=4500 remote-id=moon.strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.10/32].*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.20/32]::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
import logging
from logging.handlers import SysLogHandler
import subprocess
+import resource
logger = logging.getLogger('updownLogger')
subprocess.call(["ip", "route", "add", ts, "dev", ifname_out])
+# the hard limit (second number) is the value used by python-daemon when closing
+# potentially open file descriptors while daemonizing. since the default is
+# 524288 on newer systems, this can take quite a while, and due to how this
+# range of FDs is handled internally (as set) it can even trigger the OOM killer
+resource.setrlimit(resource.RLIMIT_NOFILE, (256, 256))
+
+
# daemonize and run parallel to the IKE daemon
with daemon.DaemonContext():
logger.debug("starting Python updown listener")
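Review bot: `resource.setrlimit(resource.RLIMIT_NOFILE, (256, 256))` lowers the hard limit, which an unprivileged process cannot raise again, and it raises ValueError when the existing hard limit is already below 256 (or, for a non-root process, when it would have to be raised to 256); clamp it to the current limit first, e.g. `_, hard = resource.getrlimit(resource.RLIMIT_NOFILE)` followed by `resource.setrlimit(resource.RLIMIT_NOFILE, (min(256, hard), min(256, hard)))`. The new cap is inherited by the daemonized listener for its whole lifetime and by every child it spawns, including the `ip route` processes started via `subprocess.call` earlier in the hunk, so the comment should state that 256 was chosen as comfortably above what the listener and its helpers open rather than only why the default is too large. The figures and the "handled internally (as set)" remark describe a python-daemon implementation detail that can change between releases; phrasing it as `# with the python-daemon version used in this test environment ...` keeps the comment honest when the package is upgraded. The `with daemon.DaemonContext():` block continues past the end of the hunk.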