[Openswan dev] Possible Memory Leak in Openswan 2.4.5
Paul Wouters
paul at xelerance.com
Mon Jul 31 17:06:16 CEST 2006
On Mon, 31 Jul 2006, Jim Barber wrote:
> I am running the Debian packaged version of Openswan on one of our servers
> here at work.
> The Debian Package version is openswan 2.4.5+dfsg-0.2.
What is "dfsg"?
> What would happen is that Phase 1 of the IPSec tunnel did the shared key
> exchange and successfully completed.
> The phase 2 part failed with an error about INVALID_ID_INFORMATION due to the
> mismatched 10.128.0.0/22 vs 10.128.0.0/16.
Can you check and see if this problem is similar to:
http://bugs.xelerance.com/view.php?id=645
> With a mis-configuration like this, after a while the pluto process starts to
> take up a huge amount of memory.
> In the logs you can see messages such as 'starting keying attempt $X of an
> unlimited number' where $X is a number.
Could you reomcpile openswan and edit programs/pluto/Makefile and enable
-DLEAK_DETECTIVE
then run it until you see a lot of memory being eaten, and nicely restart
openswan (/etc/init.d/openswan restart). This should log a lot of memory
debugging to syslog, which I would be interested in seeing.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Dev
mailing list