[Openswan dev] Complete system crash if modular IPSEC is unloaded
Joshua Jackson
sfs at vortech.net
Fri Apr 9 20:58:12 CEST 2004
On Friday 09 April 2004 12:15, Paul Wouters wrote:
> On Fri, 9 Apr 2004, Joshua Jackson wrote:
> > I have started experimenting with openswan 1.0.2 and have a run into a
> > bit of a snag. If the ipsec module is rmmod'ed, the entire system crashes
> > with no debug output or additional logging messages.
>
> Odd. Everyone who calls 'service ipsec stop' rmmod's the ipsec.o module if
> they build modular. Most people do, and we never had someone with this
> problem.
>
> Perhaps it is specific to your embedded platform? What cpu is this?
I test with VMWare on a P4. The kernel is a 2.4.25 kernel but also contains
the grsecurity.net hardening patches - I would initially suspect grsecurity,
but I have used it in all previous kernel/Super Freeswan combinations with
the same configuration.
The target is Soekris 4501/4801 boxes which use and AMD and Geode processor
respectively. Everything is x86 compatible.
One other possible point of interest is the fact that I am using busybox
1.00-pre9's modutils.
> Do you have the option of a serial console?
Yes, but I am not currently using it. My product provides the option of VGA or
serial console when it is first installed... I am currently using a VGA
console for VMWare testing.
FYI - I did get everything successfully built into the kernel. You can not
leave both 3DES or MD5 options enabled... If I disable the ALG versions of
ciphers or hash routines that also have built in versions, the whole thing
will build static and works without a hitch on the target system.
--
Joshua Jackson
Vortech Consulting
http://www.vortech.net
More information about the Dev
mailing list