In ipsec_rcv.c,<br>
int ipsec_rcv_decap(struct ipsec_rcv_state *irs)<br>
...<br>
line 835: decap_stat = ipsec_rcv_decap_once(irs, proto_funcs);<br>
<br>
                if(decap_stat != IPSEC_RCV_OK) {<br>
                        spin_unlock(&tdb_lock);<br>
                        KLIPS_PRINT(debug_rcv,<br>
                                 "klips_debug:ipsec_rcv: decap_once failed: %d\n",<br>
                                 decap_stat);<br>
                <br>
                        goto rcvleave;<br>
                }<br>
...<br>
line 1194: <br>
rcvleave:<br>
        if(skb) {<br>
                ipsec_kfree_skb(skb);<br>
        }<br>
<br>
        KLIPS_DEC_USE;<br>
        return(0);<br>
If the return value of ipsec_rcv_decap_once is not IPSEC_RCV_OK, it will return 0 to ipsec_rcv and does not free skb.<br>
In ipsec_rcv(struct sk_buff *skb<br>
#ifndef PROTO_HANDLER_SINGLE_PARM<br>
         unsigned short xlen<br>
#endif /* PROTO_HANDLER_SINGLE_PARM */<br>
         )<br>
line 782,<br>
 ipsec_rcv_decap(irs);<br>
        KLIPS_DEC_USE;<br>
        return(0);<br>
Thus, in some cases, such as when it receives a duplicate ESP packet, the packet will be neither decapsulated nor freed, which will cause a memory leak in kernel space.<br>
<br>
It may be resolved by adding a line in ipsec_rcv_decap,<br>
line 842, <br>
 skb = irs->skb;<br>
<br>
BTW, the version is openswan 2.4.4<br>
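The ownership pattern described in the report, reduced to a user-space model (an added example, not code from the post or from Openswan/KLIPS): the packet lives in the state object, but the cleanup label only checks a local pointer. All names here (struct pkt, struct rcv_state, the fixed pool, the sync_local switch) are hypothetical, and the model assumes, as the proposed one-line change implies, that the local pointer does not reference the packet on the failure path.

```c
#include <stddef.h>
/* Hypothetical user-space stand-ins for illustration; not KLIPS code. */
struct pkt { int seq; int in_use; };
struct rcv_state { struct pkt *skb; };   /* state object holds the packet */
#define POOL_SIZE 8
static struct pkt pool[POOL_SIZE];       /* fixed pool stands in for kernel memory */

static struct pkt *pkt_alloc(int seq) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) {
            pool[i].in_use = 1; pool[i].seq = seq;
            return &pool[i];
        }
    return NULL;                         /* pool exhausted */
}
static void pkt_free(struct pkt *p) { p->in_use = 0; }

/* Constructed failure condition: a sequence number already seen is rejected. */
static int decap_once(const struct rcv_state *irs, int last_seq) {
    return irs->skb->seq > last_seq ? 0 : -1;
}

/* sync_local == 0 models the reported error path, 1 the proposed one-line change. */
static int rcv_decap(struct rcv_state *irs, int last_seq, int sync_local) {
    struct pkt *skb = NULL;              /* the only pointer the cleanup label checks */
    if (decap_once(irs, last_seq) != 0) {
        if (sync_local)
            skb = irs->skb;              /* hand the packet to the cleanup path */
        goto rcvleave;
    }
    pkt_free(irs->skb);                  /* success: packet consumed downstream */
rcvleave:
    if (skb)
        pkt_free(skb);
    irs->skb = NULL;
    return 0;                            /* caller cannot tell failure from success */
}

/* Feed n duplicate packets; return how many pool slots are still held afterwards. */
int slots_held_after_duplicates(int n, int sync_local) {
    int held = 0;
    for (int i = 0; i < POOL_SIZE; i++) pool[i].in_use = 0;
    for (int i = 0; i < n; i++) {
        struct rcv_state irs = { pkt_alloc(5) };
        if (!irs.skb) break;             /* nothing left to allocate */
        rcv_decap(&irs, 5, sync_local);
    }
    for (int i = 0; i < POOL_SIZE; i++) held += pool[i].in_use;
    return held;
}
```

With sync_local set to 0 every rejected duplicate keeps its slot until the pool is exhausted; with it set to 1 the cleanup label releases each one.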