[Openswan dev] Complete system crash if modular IPSEC is unloaded

Michael Richardson mcr at sandelman.ottawa.on.ca
Fri Apr 9 15:50:46 CEST 2004


>>>>> "Joshua" == Joshua Jackson <jjackson at vortech.net> writes:
    Joshua> I have started experimenting with openswan 1.0.2 and have a
    Joshua> run into a bit of a snag. If the ipsec module is rmmod'ed,
    Joshua> the entire system crashes with no debug output or additional
    Joshua> logging messages.

    Joshua> The kernel locks hard enough that the software watchdog
    Joshua> module will not reboot it and there is no response from the
    Joshua> console or network.

  It should not be possible to rmmod the module when there are
connections active, or interfaces "tncfg".

    Joshua> As a side note, I just ran into this for the first time
    Joshua> after noticing that the ALG modules will not be installed if
    Joshua> klips is compiled directly into the kernel (the way I
    Joshua> usually build the kernel for my embedded Linux product). If
    Joshua> I try to build the ALG modules into the kernel, the build
    Joshua> fails with an enormous list of errors.

  Not surprising - few seem to think that static builds are important.
  The openswan 2.x tree tests that kind of thing every night.

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys


More information about the Dev mailing list