[Openswan dev] Complete system crash if modular IPSEC is unloaded

Joshua Jackson sfs at vortech.net
Fri Apr 9 20:58:12 CEST 2004

On Friday 09 April 2004 12:15, Paul Wouters wrote:
> On Fri, 9 Apr 2004, Joshua Jackson wrote:
> > I have started experimenting with openswan 1.0.2 and have a run into a
> > bit of a snag. If the ipsec module is rmmod'ed, the entire system crashes
> > with no debug output or additional logging messages.
> Odd. Everyone who calls 'service ipsec stop' rmmod's the ipsec.o module if
> they build modular. Most people do, and we never had someone with this
> problem.
> Perhaps it is specific to your embedded platform? What cpu is this?

I test with VMWare on a P4.  The kernel is a 2.4.25 kernel but also contains 
the grsecurity.net hardening patches - I would initially suspect grsecurity, 
but I have used it in all previous kernel/Super Freeswan combinations with 
the same configuration.

The target is Soekris 4501/4801 boxes which use and AMD and Geode processor 
respectively. Everything is x86 compatible.

One other possible point of interest is the fact that I am using busybox 
1.00-pre9's modutils.

> Do you have the option of a serial console?

Yes, but I am not currently using it. My product provides the option of VGA or 
serial console when it is first installed... I am currently using a VGA 
console for VMWare testing.

FYI - I did get everything successfully built into the kernel. You can not 
leave both 3DES or MD5 options enabled... If I disable the ALG versions of 
ciphers or hash routines that also have built in versions, the whole thing 
will build static and works without a hitch on the target system.

Joshua Jackson
Vortech Consulting

More information about the Dev mailing list