[Openswan Users] - Building module saga (was: kernel panic )

Paul Wouters paul at xelerance.com
Mon Mar 14 11:23:12 CET 2005

On Thu, 10 Mar 2005 mcr at xelerance.com wrote:

>     Paul> yes, unloading klips causes this failure. I thought we removed
>     Paul> unloading the module from cvs. Are you running a fresh cvs
>     Paul> checkout or could this tree be a few weeks old?
>   No, we did not remove unloading. It works relatively fine on 2.4.
>   Unloading on 2.6 may not work. Neither I nor Linus recommends enabling
> module unloading on 2.6.

We did: from _realsetup:

        #lsmod 2>&1 | grep "^ipsec" > /dev/null && rmmod ipsec'

There were various reasons for this change

1 rmmod'ing ipsec on 2.6 kernels causes a kernel panic
2 removing ipsec causes confusion at the next start as to which kernel
  stack to use, since any trace of a preloaded klips stack has vanished.
  This was causing some people to spontaniously which to NETKEY after an
  openswan restart.
3 module removing might not be fully supported by Linus and kernel developers

We could test for '2.4 and klips and no netkey installed' and then remove
klips, but it seems rather silly to only leave it in for that case.

A testcase should be written to ensure restarting without a rmmod/modprobe of
klips does not leave a lingering state around.


More information about the Users mailing list