[Openswan dev] ip xfrm bug
Herbert Xu
herbert at gondor.apana.org.au
Fri Dec 14 04:16:59 EST 2007
On Thu, Nov 29, 2007 at 11:41:04AM -0500, Paul Wouters wrote:
>
> I just encountered an ip xfrm bug.
Hi Paul:
Sorry for the late response. You caught me as I was flying
back and forth between Sydney and China :)
> So i ran: ip xfrm policy deleteall
OK, the usualy way to do it is
ip xfrm policy flush
which lets the kernel delete all policies. The deleteall command
is done in user-space. As a result deleteall keeps trying to delete
until the number of policies hits zero. The bug here is that it
is including socket policies in the number of policies.
You can't delete socket policies because they belong to sockets
which belongs to individual processes (and pluto in this case).
Stephen, could you look into this?
> The other end was also a netkey system. The command returned fine there,
> but a minute later came me a kernel oops:
OK this looks bad. Can you reproduce this with a more recent
kernel?
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Dev
mailing list