[Openswan dev] Complete system crash if modular IPSEC is unloaded

[Michael Richardson]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Joshua" == Joshua Jackson <jjackson at vortech.net> writes:
    Joshua> I have started experimenting with openswan 1.0.2 and have a
    Joshua> run into a bit of a snag. If the ipsec module is rmmod'ed,
    Joshua> the entire system crashes with no debug output or additional
    Joshua> logging messages.

    Joshua> The kernel locks hard enough that the software watchdog
    Joshua> module will not reboot it and there is no response from the
    Joshua> console or network.

  It should not be possible to rmmod the module when there are
connections active, or interfaces "tncfg".

    Joshua> As a side note, I just ran into this for the first time
    Joshua> after noticing that the ALG modules will not be installed if
    Joshua> klips is compiled directly into the kernel (the way I
    Joshua> usually build the kernel for my embedded Linux product). If
    Joshua> I try to build the ALG modules into the kernel, the build
    Joshua> fails with an enormous list of errors.

  Not surprising - few seem to think that static builds are important.
  The openswan 2.x tree tests that kind of thing every night.

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQHbwgYqHRg3pndX9AQF5vQP+Lw9eHXhsLlXLdQOKS42wO9veIBqlEVxW
xDliQ6o66xwD5IMd6rbOqQQbZH6exIPjgswklFhDUdtTwNqWtKgt9+8LbFjb8yrk
P4fAVGvQc95wXc8xKTgId/jCbfCXXNEjFo0uG9m/+sACuCZLNPoDaaPiUItxXCwJ
zwF8MP9QNbM=
=rFSh
-----END PGP SIGNATURE-----