[Openswan Users] keeping SA made OCF resource leak

David McCullough David_Mccullough at securecomputing.com
Tue Jul 21 18:46:41 EDT 2009

Jivin willer.wang at cybertan.com.tw lays it down ...
> I found a problem between re SA and OCF.
> When SA replaced, OPENSWAN will keep one more SA than it freed.
> With time goes, there will be lots SAs kept in OPENSWAN.
> It’s ok if OCF is not up.
> But if we using OPENSWAN with OCF, 
> the kept SAs will occupy system resource through OCF. 
> It seems not easy to modify the state machine of re SA.
> Would someone give me advice about this problem?

Which versions of OCF and openswan are you using ?

I can't say I have seen this but I may looking in the wrong place :-)
How are you determining that you are losing SA's ?


David McCullough,  david_mccullough at securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.com                http://www.uCdot.org

More information about the Users mailing list