mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 03:52:28 +02:00
openvpn/doc/man-sections
Gert Doering b0bff55901 Require at least 100MB of mlock()-able memory if --mlock is used.
If --mlock is used, the amount of memory OpenVPN can use is guarded
by the RLIMIT_MEMLOCK value (see mlockall(2)).  The OS default for this
is usually 64 Kbyte, which is enough for OpenVPN to initialize, but
as soon as the first TLS handshake comes in, OpenVPN will crash due
to "out of memory", and might even end up in a crash loop.

Steady-state OpenVPN requires between 8 MB and 30-50 MB (servers with
many concurrent clients) of memory.  TLS renegotiation with EC keys
requires up to 90 MB of transient memory.

So: with this patch, we check if getrlimit() is available, and if yes,
log the amount of mlock'able memory.  If the amount is below 100 MB,
which is an arbitrary value "large enough for most smaller deployments",
we try to increase the limits to 100 MB, and abort if this fails.

v2:
  change arbitrary number to 100 MB, introduce #define for it
  not only check but also increase with setrlimit()
  uncrustify fixes

v3:
  OpenSolaris has mlockall() and getrlimit(), but no RLIMIT_MEMLOCK -
    make code conditional on HAVE_GETRLIMIT *and* RLIMIT_MEMLOCK
  add Changes.rst entry

Trac: #1390

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20210310124808.14741-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21657.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-03-11 17:42:59 +01:00
..
advanced-options.rst Fix best gateway selection over netlink 2020-09-10 11:15:01 +02:00
cipher-negotiation.rst doc: fix typos in cipher-negotiation.rst 2020-08-16 12:43:49 +02:00
client-options.rst man: Improve --remote entry 2020-09-14 12:11:23 +02:00
connection-profiles.rst doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
encryption-options.rst Implement tls-groups option to specify elliptic curves/groups 2020-07-21 22:33:58 +02:00
examples.rst doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
generic-options.rst Require at least 100MB of mlock()-able memory if --mlock is used. 2021-03-11 17:42:59 +01:00
inline-files.rst doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
link-options.rst Remove inetd support from OpenVPN 2021-01-30 11:03:40 +01:00
log-options.rst Remove inetd support from OpenVPN 2021-01-30 11:03:40 +01:00
management-options.rst doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
network-config.rst doc/man: Documentation for --bind-dev / VRFs on Linux 2020-07-17 12:58:58 +02:00
pkcs11-options.rst doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
plugin-options.rst doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
protocol-options.rst Add depreciation notice for --ncp-disable to protocol-options.rst 2020-08-12 12:21:09 +02:00
proxy-options.rst doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
renegotiation.rst Man page sections corrections 2021-01-20 07:53:52 +01:00
script-options.rst Added 'route_ipv6_metric_NN' environment variable for IPv6 route metric. 2020-10-04 15:46:06 +02:00
server-options.rst Implement client side handling of AUTH_PENDING message 2021-02-14 15:56:41 +01:00
signals.rst doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00
tls-options.rst Change pull request timeout use a timeout rather than a number 2021-01-30 19:50:04 +01:00
unsupported-options.rst Remove --no-iv 2020-07-18 10:58:33 +02:00
virtual-routing-and-forwarding.rst doc/man: Documentation for --bind-dev / VRFs on Linux 2020-07-17 12:58:58 +02:00
vpn-network-options.rst Clarify --block-ipv6 intent and direction. 2021-01-18 19:47:27 +01:00
windows-options.rst doc/man: convert openvpn.8 to split-up .rst files 2020-07-17 11:23:18 +02:00