From: Tobias Brunner
Date: Tue, 25 Aug 2020 08:28:58 +0000 (+0200)
Subject: testing: Fix route-based/net2net-xfrmi-ike scenario
X-Git-Tag: 5.9.1dr1~21^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=210c1e26282f03357346579680d60873ca3804c0;p=thirdparty%2Fstrongswan.git
testing: Fix route-based/net2net-xfrmi-ike scenario
On newer systems, the upper hard limit for open file descriptors (see `ulimit -H -n`) was increased from 4096 to 524288. Due to how python-daemon closes potentially open file descriptors (basically stores them in a set, removes those excluded by config, and loops through all of them), the updown script was either killed immediately (by the OOM killer) or not ready yet when updown events occurred.
---
diff --git a/testing/tests/route-based/net2net-xfrmi-ike/evaltest.dat b/testing/tests/route-based/net2net-xfrmi-ike/evaltest.dat
index cd514c9a24..f6b8939074 100644
--- a/testing/tests/route-based/net2net-xfrmi-ike/evaltest.dat
+++ b/testing/tests/route-based/net2net-xfrmi-ike/evaltest.dat
@@ -1,3 +1,4 @@
+sun::cat /var/log/daemon.log::charon-updown.*connected to charon-systemd::YES
 moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_MOON local-port=4500 local-id=moon.strongswan.org remote-host=PH_IP_SUN remote-port=4500 remote-id=sun.strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.1.0.10/32] remote-ts=\[10.2.0.0/16].*local-ts=\[10.1.0.20/32] remote-ts=\[10.2.0.0/16]::YES
 sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_SUN local-port=4500 local-id=sun.strongswan.org remote-host=PH_IP_MOON remote-port=4500 remote-id=moon.strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.10/32].*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.20/32]::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
diff --git a/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/updown.py b/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/updown.py index e3b4982571..fbe89fcfca 100755 --- a/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/updown.py +++ b/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/updown.py @@ -6,6 +6,7 @@ import daemon import logging from logging.handlers import SysLogHandler import subprocess +import resource logger = logging.getLogger('updownLogger') @@ -54,6 +55,13 @@ def install_routes(ike_sa): subprocess.call(["ip", "route", "add", ts, "dev", ifname_out]) +# the hard limit (second number) is the value used by python-daemon when closing +# potentially open file descriptors while daemonizing. since the default is +# 524288 on newer systems, this can take quite a while, and due to how this +# range of FDs is handled internally (as set) it can even trigger the OOM killer +resource.setrlimit(resource.RLIMIT_NOFILE, (256, 256)) + + # daemonize and run parallel to the IKE daemon with daemon.DaemonContext(): logger.debug("starting Python updown listener")
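Review bot: The `resource.setrlimit(resource.RLIMIT_NOFILE, (256, 256))` call ahead of `daemon.DaemonContext()` narrows the descriptor sweep as well as shortening it: going by the added comment, python-daemon closes descriptors only up to the hard limit, so any descriptor numbered 256 or higher that the script inherited from the process that started it would stay open in the daemonized listener. That is probably acceptable in this test scenario, but the comment should say so, e.g. by appending `# NOTE: inherited FDs >= 256 are then no longer closed by python-daemon`. The lowered limit is also process-wide and is inherited by the `ip` children started through `subprocess.call`, and 256 is an unexplained magic number; a named constant such as `MAX_FDS = 256` next to the comment would document the choice. The `with daemon.DaemonContext():` block continues past the end of the hunk.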