• State
  • Locked Locked
  • Replies 1 reply
  • Subscribers 99 subscribers
  • Views 1156 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TDA4VM: Linux: Problem with Charon from /usr/libexec/ipsec/charon - high memory consumption

Karan Saxena
Guru* 77774 points
Part Number: TDA4VM

Posting on behalf of :

Hi TI,

I went through the e2e forums but did not find anything related – have you ever noticed any problems with very high (78% of available memory, totalling ~500 MB of RAM) memory consumption of /usr/libexec/ipsec/charon?

I tried to check this process with strace, I can see that it is hanging:

strace: Process 8623 attached

rt_sigtimedwait([HUP INT TERM], NULL, NULL, 8

But unfortunately I can’t seem to find what are the associated processes, other than the one calling it -  /usr/libexec/ipsec/starter --daemon charon --nofork which in turn is called by PID 1, which does not help with debugging.

systemctl status for both processes shows nothing interesting and actually provides a different reading of used memory:

root@j7-evm:~# systemctl status 1010

* strongswan-starter.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf

     Loaded: loaded (/lib/systemd/system/strongswan-starter.service; enabled; vendor preset: enabled)

     Active: active (running) since Thu 2021-04-01 00:13:09 UTC; 15s ago

   Main PID: 994 (starter)

      Tasks: 18 (limit: 178)

     Memory: 19.0M

     CGroup: /system.slice/strongswan-starter.service

             |- 994 /usr/libexec/ipsec/starter --daemon charon --nofork

             `-1010 /usr/libexec/ipsec/charon

 
Apr 01 00:13:09 j7-evm systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.

Apr 01 00:13:09 j7-evm ipsec[994]: Starting strongSwan 5.8.4 IPsec [starter]...

Apr 01 00:13:09 j7-evm ipsec[994]: charon (1010) started after 180 ms

root@j7-evm:~# systemctl status 994

* strongswan-starter.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf

     Loaded: loaded (/lib/systemd/system/strongswan-starter.service; enabled; vendor preset: enabled)

     Active: active (running) since Thu 2021-04-01 00:13:09 UTC; 28s ago

   Main PID: 994 (starter)

      Tasks: 18 (limit: 178)

     Memory: 19.0M

     CGroup: /system.slice/strongswan-starter.service

             |- 994 /usr/libexec/ipsec/starter --daemon charon --nofork

             `-1010 /usr/libexec/ipsec/charon
 

Apr 01 00:13:09 j7-evm systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.

Apr 01 00:13:09 j7-evm ipsec[994]: Starting strongSwan 5.8.4 IPsec [starter]...

Apr 01 00:13:09 j7-evm ipsec[994]: charon (1010) started after 180 ms

Do you know any other methods for checking such data?