[Openswan dev] Re: acquire-netlink patch

Herbert Xu herbert at gondor.apana.org.au
Wed Nov 9 20:09:58 CET 2005


On Wed, Nov 09, 2005 at 10:06:54AM +0100, Norbert Wegener wrote:
> the CHANGES file of openswan-2.4.2dr5 contains the remark, that #344 
> netkey-acquire patch is in v2.4.2, so I expect it to be in that dr version.
> If so, it seems, that the problem is not yet solved completely:
> lnxpkkhi:~ # ipsec --version
> Linux Openswan U2.4.2dr5/K2.6.11.4-20a-default (netkey)
> 
> ipsec auto --status|grep acquire
> 000 1.2.3.4/32:0 -0-> 203.128.21.89/32:0 => %hold 0    %acquire-netlink
> 000 1.2.3.4/32:0 -0-> 218.186.20.165/32:0 => %hold 0    %acquire-netlink

This not necessarily a bug.  These rules are added whenever an acquire
message is sent by the kernel to initiate a connection.

It's only a problem if these accumulate which is what #344 is about.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


More information about the Dev mailing list