Hi,
I'm considering adding a check for "is there sufficient memory available"
to the --mlock switch, to avoid hard and graceless out-of-memory crashes
later on (trac #1390).
OpenVPN would refuse to start if "less than amount" is available
(ulimit -l / getrlimit(RLIMIT_MEMLOCK)).
Now I wonder wh
If --mlock is used, the amount of memory OpenVPN can use is guarded
by the RLIMIT_MEMLOCK value (see mlockall(2)). The OS default for this
is usually 64 Kbyte, which is enough for OpenVPN to initialize, but
as soon as the first TLS handshake comes it, OpenVPN will crash due
to "ouf of memory", and
Hi,
On Sun, Mar 7, 2021 at 11:31 AM Gert Doering wrote:
> If --mlock is used, the amount of memory OpenVPN can use is guarded
> by the RLIMIT_MEMLOCK value (see mlockall(2)). The OS default for this
> is usually 64 Kbyte, which is enough for OpenVPN to initialize, but
> as soon as the first TLS
Hi,
thanks for the review.
On Sun, Mar 07, 2021 at 12:22:32PM -0500, Selva Nair wrote:
> On Sun, Mar 7, 2021 at 11:31 AM Gert Doering wrote:
>
> > If --mlock is used, the amount of memory OpenVPN can use is guarded
> > by the RLIMIT_MEMLOCK value (see mlockall(2)). The OS default for this
> >
On Sun, Mar 7, 2021 at 1:10 PM Gert Doering wrote:
> Hi,
>
> thanks for the review.
>
> On Sun, Mar 07, 2021 at 12:22:32PM -0500, Selva Nair wrote:
> > On Sun, Mar 7, 2021 at 11:31 AM Gert Doering
> wrote:
> >
> > > If --mlock is used, the amount of memory OpenVPN can use is guarded
> > > by the
Hi,
On Sat, Mar 06, 2021 at 09:56:36PM +0100, Antonio Quartulli wrote:
> On 05/03/2021 15:13, Arne Schwabe wrote:
> > This moves from using our own copy of the TLS1 PRF function to using
> > TLS library provided function where possible. This includes currently
> > OpenSSL 1.1.0+ and mbed TLS 2.18+
Hi,
On Sun, Mar 07, 2021 at 01:36:03PM -0500, Selva Nair wrote:
> > "I'm not sure", TBH. rlimit handling in unix is a bit of an unknown
> > territory for me.
> >
> > What I understand is that root can *increment* the rlimit at will, but
> > I'd assume that the rlimit value "in existance right now
Hi,
On Sun, Mar 7, 2021 at 1:44 PM Gert Doering wrote:
> Hi,
>
> On Sun, Mar 07, 2021 at 01:36:03PM -0500, Selva Nair wrote:
> > > "I'm not sure", TBH. rlimit handling in unix is a bit of an unknown
> > > territory for me.
> > >
> > > What I understand is that root can *increment* the rlimit at
On 07/03/2021 19:20, Selva Nair wrote:
Rereading my comment on Trac #1059 I recall testing this and concluding
100MB enough for clients. On modern machines that's a low amount of memory
--- not allowing swapout of 100MB should be acceptable. For servers, I
think there is no reliable limit th
Hi,
On Sun, Mar 07, 2021 at 02:20:32PM -0500, Selva Nair wrote:
> > That's another possible angle... just up soft+hard to "something"
> > (how much would that be? :-) ) and log the fact.
>
> Rereading my comment on Trac #1059 I recall testing this and concluding
> 100MB enough for clients. On mod
If --mlock is used, the amount of memory OpenVPN can use is guarded
by the RLIMIT_MEMLOCK value (see mlockall(2)). The OS default for this
is usually 64 Kbyte, which is enough for OpenVPN to initialize, but
as soon as the first TLS handshake comes it, OpenVPN will crash due
to "ouf of memory", and
11 matches
Mail list logo
