[Openswan Users] keeping SA made OCF resource leak

willer.wang at cybertan.com.tw willer.wang at cybertan.com.tw
Fri Jul 31 07:42:00 EDT 2009

I found that the pointer address of the expired SAID entering ipsec_sa_rm( ) and entering ipsec_sa_wipe( ) is totally different. Although they have the same SAID, the information inside was changed. This is also the reason why ocf_in_use became "0". So, the old expired SA still kept its related resources without freeing them.

I don't know for what purpose the SA has this kind of behavior, or whether it's just a bug.
By the way, the version I tested is 2.6.20, but I believe 2.6.22 still has the problem, according to my experiment before.

Ok,  so I looked at this first.  ocf_in_use is only set by ipsec_ocf_sa_init
and is only cleared by ipsec_ocf_sa_free.

The only possible explanations I can think of for now are

	* there is memory corruption somewhere
	  (which OCF HW driver are you using ?)
	* perhaps you are looking at an SA that has already been released ?

Did I ask which openswan version you are using ?  Any idea which OCF version ?


David McCullough,  david_mccullough at securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.com                http://www.uCdot.org

