Hi!

The setkey command behaves strangely when the SPD is large, either because I'm doing something wrong or because there is a bug. I believe it's a bug, but who knows... Anyway, after 529 items it simply stops displaying items from the SPD with the message

    recv: Resource temporarily unavailable

This occurs on FC4, Rawhide, Debian and Ubuntu; in other words, it seems it's not distribution specific. It seems it's not setkey's bug, because the same behavior is noticed with an IKEv2 daemon during SPD scans. Also, the ip command successfully displays the complete database.

Now, I thought that the bug is in PFKEY, but pfkey_spddump is quite simple, and some primitive debugging with printk's showed that that part seems OK and that the bug might be in xfrm_policy_walk.

Reproducing that behavior is quite simple. I attached a simple Perl script that populates the SPD with a large number of items. After the SPD is populated, just running 'setkey -DP' yields the mentioned error message.

Stjepan Gros

P.S. And one other question, maybe off topic, but anyway: is there any reason why the ip command doesn't display the policy's ID?

set_policy_responder.pl
Description: Perl program