[Openswan Users] 2.6.24rc3 KLIPS Module compilation problem
Paul Wouters
paul at xelerance.com
Wed Nov 18 23:22:06 EST 2009
On Wed, 18 Nov 2009, Sven Schiwek wrote:
>> I assume something changes with bounds.h, and we are not doing the right
>> thing
>> for that kernel version.
>>
>
> Hi,
>
> after a Kernel recompile the error has disappeared - well ok, but I have
Good to know.
> an interesting ipsec restart affect. The UDP Ports 500 and 4500 are not
> released so on every restart a "new" socket pair is created.
if you stop the pluto daemon, nothing should be on those udp ports anymore.
> How can I tell Openswan to release all sockets on a restart? (Normally I
> do a '/etc/init.d/ipsec restart')
That should work.
> $ netstat -a -u -p -n | grep 500
> udp 0 0 111.111.111.111:4500 0.0.0.0:* 12264/pluto
>
> udp 0 0 222.222.222.222:4500 0.0.0.0:* 12264/pluto
> udp 0 0 111.111.111.111:4500 0.0.0.0:* -
> udp 0 0 222.222.222.222:4500 0.0.0.0:* -
> udp 0 0 111.111.111.111:4500 0.0.0.0:* -
> udp 0 0 222.222.222.222:4500 0.0.0.0:* -
> udp 0 0 111.111.111.111:500 0.0.0.0:* 12264/pluto
> udp 0 0 222.222.222.222:500 0.0.0.0:* 12264/pluto
> udp 1272 0 111.111.111.111:500 0.0.0.0:* -
> udp 1272 0 222.222.222.222:500 0.0.0.0:* -
> udp 2120 0 111.111.111.111:500 0.0.0.0:* -
> udp 6536 0 222.222.222.222:500 0.0.0.0:* -
I am not entirely sure what this output means, and what the "-" means. If
the port was still bound, then the new pluto would not be able to bind it.
Perhaps this is an artifact of the new ENCAP marking of a udp port? And that
the old netstat comand does not properly understand this?
Are you sure you in fact have a problem?
Paul
More information about the Users
mailing list