[Openswan Users] keeping SA made OCF resource leak

willer.wang at cybertan.com.tw willer.wang at cybertan.com.tw
Thu Jul 23 23:13:06 EDT 2009


           I found the problem is not in "re SA", it is in "refcount".

           When a SA with refcount >1, and enter the function ipsec_sa_rm( ).

           This SA just be removed from hash table but won't enter ipsec_sa_wipe( )

           to clean related resource. But I still don't understand the purpose why a deleting

           SA still keeps a refcount >1.

Can someone give me some advice about this?





On 2009-07-21 22:46, David McCullough wrote: 
> Jivin willer.wang@??? lays it down ... 
> > I found a problem between re SA and OCF. 
> > 
> > When SA replaced, OPENSWAN will keep one more SA than it freed. 
> > 
> > With time goes, there will be lots SAs kept in OPENSWAN. 
> > 
> > It?‰X ok if OCF is not up. 
> > 
> > But if we using OPENSWAN with OCF, 
> > 
> > the kept SAs will occupy system resource through OCF. 
> > 
> >  
> > 
> > It seems not easy to modify the state machine of re SA. 
> > 
> > Would someone give me advice about this problem? 
> Which versions of OCF and openswan are you using ? 
> I can't say I have seen this but I may looking in the wrong place :-) 
> How are you determining that you are losing SA's ? 
> Cheers, 
> Davidm 




This e-mail transmission originated at CyberTAN Technology, Inc., and may contain privileged or
confidential information that is the property of CyberTAN and protected by law from disclosure.
If you are not an intended recipient of this transmission and you received it in error,
please inform the sender by reply e-mail and destroy this and all other copies of this transmission
to which you have access. Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090724/a9a8da33/attachment.html 

More information about the Users mailing list