IPSEC CHARON 100% usage in one core after some time


#1

After boot VyOS 1.2 (201809210337-amd64) after some days (2 or 3) I saw 1 CPU core at 100% usage because of charon. On that case logs like these were printed together with CPU usage.

Oct 16 05:41:51 ROUTER-BGP charon: 04[KNL] unable to receive from RT event socket No buffer space available (105)
Oct 16 05:41:52 ROUTER-BGP charon: 06[KNL] unable to receive from RT event socket No buffer space available (105)
Oct 16 05:41:54 ROUTER-BGP charon: 10[KNL] unable to receive from RT event socket No buffer space available (105)
Oct 16 05:41:55 ROUTER-BGP charon: 07[KNL] unable to receive from RT event socket No buffer space available (105)

I stoped the process IPSEC and everything continued working (BGP, OSPF, firewall).

After reboot the server, the process starts normally like below

There was 1 case that after server reboot, the charon started with high usage and with “charon: 04[KNL] unable to receive from RT event socket No buffer space available (105)” log and 2 BGP sessions (without MD5) don’t started. ->>> Memory Leak on VyOS 1.2 (20180921) consumes 6GB in less than 7 days

I’m using another server with version 1.2 (201807230337-amd64) and in a similar setup (BGP, VRRP, Firewall without OSPF). This server is working for 83 days, and today this process appeared with 100% cpu usage (about 22h ago).

What kind of info can I get to help diagnostic?


#2

Hi,
thanks for reporting
i think it’s problem in upstream
https://wiki.strongswan.org/issues/1467
will create task for patching that


#4

nope, this one is too old, so must be other trouble


#6

After boot VyOS 1.2 (201809210337-amd64) after some days (2 or 3) I saw 1 CPU core at 100% usage because of charon. On that case logs like these were printed together with CPU usage.

This server started last hours with log "charon: 11[KNL] unable to receive from RT event socket No buffer space available (105)".

show log | grep “RT event socket No buffer space available” | wc -l
1161

But, CPU seems to be normal.