[Openswan dev] [PATCH] fix SA leaks in openswan 2.6.22 when using klips

Martin Schiller mschiller at tdt.de
Tue Aug 4 13:00:50 EDT 2009


----Original Message----
From: David McCullough [mailto:David_Mccullough at securecomputing.com]
Sent: Tuesday, August 04, 2009 3:51 PM

> Jivin willer.wang at cybertan.com.tw lays it down ...
>> Hi,
>> 	I have tested this patch, it works.
>> 	The expired SA will be removed and HW OCF resource can be freed
>> 	correctly. But I found another problem when using this patch,
>> 	I established 5 tunnels, and all ipsec_lifetime=60(s).
>> 	After 21 hours, all tunnels disconnected.
>> 	And console keeps showing
>> 	"ipsec_SAref_alloc: unexpected error,
>> 	refFreeListHead = 102 point to invalid entry"
>> 
>> 	It seems that if total SA ref number > 2^15.
>> 	The sadb became crashed.
>> 	Can someone give me advice or direction about this problem ?
> 
> That sounds like you need Martins patch posted to the dev list a few
> days back. 
> I have attached it here to save looking,  would be good if you can
> test with this one, 
> 

Yes, the patch should fix this error.

Regards,
Martin




More information about the Dev mailing list