[Openswan Users] Unloading klips module removes all /proc/net/ entries

Neal Murphy neal.p.murphy at alum.wpi.edu
Sat Mar 8 16:43:35 EST 2014

On Thursday, March 06, 2014 09:07:12 AM Thomas Geulig wrote:
> I had some problems with unloading the klips module since openswan 2.6.40,
> which happens for example with "ipsec setup --stop".
> After stopping ipsec, all entries in /proc/net/ were removed, not only
> the klips related entries.
> The attached patch removes the backported remove_proc_subtree() code,
> which was only used for the pf_key entries anyway. Now, as in ipsec_proc.c
> already, the function remove_proc_entry() is used. This "works".

'modprobe ipsec; rmmod ipsec' was enough to exhibit the problem. Your patch 
does appear to solve this problem.

I also included your NAT payload patch, but it'll be a while before I can test 


More information about the Users mailing list