[Openswan Users] keeping SA made OCF resource leak
David McCullough
David_Mccullough at securecomputing.com
Tue Jul 21 18:46:41 EDT 2009
Jivin willer.wang at cybertan.com.tw lays it down ...
> I found a problem between re SA and OCF.
>
> When SA replaced, OPENSWAN will keep one more SA than it freed.
>
> With time goes, there will be lots SAs kept in OPENSWAN.
>
> It’s ok if OCF is not up.
>
> But if we using OPENSWAN with OCF,
>
> the kept SAs will occupy system resource through OCF.
>
>
>
> It seems not easy to modify the state machine of re SA.
>
> Would someone give me advice about this problem?
Which versions of OCF and openswan are you using ?
I can't say I have seen this but I may looking in the wrong place :-)
How are you determining that you are losing SA's ?
Cheers,
Davidm
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org
More information about the Users
mailing list