[Openswan Users] keeping SA made OCF resource leak
David_Mccullough at securecomputing.com
Tue Jul 21 18:46:41 EDT 2009
Jivin willer.wang at cybertan.com.tw lays it down ...
> I found a problem between re SA and OCF.
> When SA replaced, OPENSWAN will keep one more SA than it freed.
> With time goes, there will be lots SAs kept in OPENSWAN.
> It’s ok if OCF is not up.
> But if we using OPENSWAN with OCF,
> the kept SAs will occupy system resource through OCF.
> It seems not easy to modify the state machine of re SA.
> Would someone give me advice about this problem?
Which versions of OCF and openswan are you using ?
I can't say I have seen this but I may looking in the wrong place :-)
How are you determining that you are losing SA's ?
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org
More information about the Users