[Openswan dev] [PATCH] fix SA leaks in openswan 2.6.22 when using klips
mschiller at tdt.de
Tue Aug 4 13:00:50 EDT 2009
From: David McCullough [mailto:David_Mccullough at securecomputing.com]
Sent: Tuesday, August 04, 2009 3:51 PM
> Jivin willer.wang at cybertan.com.tw lays it down ...
>> I have tested this patch, it works.
>> The expired SA will be removed and HW OCF resource can be freed
>> correctly. But I found another problem when using this patch,
>> I established 5 tunnels, and all ipsec_lifetime=60(s).
>> After 21 hours, all tunnels disconnected.
>> And console keeps showing
>> "ipsec_SAref_alloc: unexpected error,
>> refFreeListHead = 102 point to invalid entry"
>> It seems that if total SA ref number > 2^15.
>> The sadb became crashed.
>> Can someone give me advice or direction about this problem ?
> That sounds like you need Martins patch posted to the dev list a few
> days back.
> I have attached it here to save looking, would be good if you can
> test with this one,
Yes, the patch should fix this error.
More information about the Dev