[Openswan dev] Problems with netkey acquires.

David McCullough david_mccullough at mcafee.com
Wed Mar 10 19:33:06 EST 2010

Jivin Tuomo Soini lays it down ...
> Tuomo Soini wrote:
> > Tuomo Soini wrote:
> > 
> >> Seem like code matching acquire to tunnel configuration is currently broken.
> > 
> > Just fyi, commit 00ed7490af2e9adc1a936d38693c872cea1e87ba didn not fix
> > this issue on netkey.
> David. Do you have any idea what's problem here.
> With 2.6.24 you get acquire states which are shown in ipsec auto
> --status and never cleaned up.
> It looks like your change "fixed" this but now these acquire states are
> inserted into xfrm policy directly without matching them to loaded conns.

Geez,  I work with klips most the time,  I didn't think code would affect
netkey and it obviously does.

So am I right in saying that netkey was broken before,  and after the change
it's just broken differently ?

I can see if I can spot something,


David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org

More information about the Dev mailing list