[Swan] klips + ipsec whack --shutdown causes lockup
Brian T
btuch at usa.net
Fri Sep 6 19:46:04 UTC 2019
On 9/6/2019 10:44 AM, Brian T wrote:
>> You still have XFRM loaded or compiled in?
I have narrowed it down to these 4 config entries, but I cannot get them
to disable
CONFIG_XFRM=y
CONFIG_XFRM_ALGO=m
CONFIG_XFRM_IPCOMP=m
CONFIG_INET6_XFRM_TUNNEL=m
With those 4 configured, when starting ipsec (before ipsec.ko is loaded)
I get :
[root at DA70N-051656 tmp]# lsmod | grep ipsec
[root at DA70N-051656 tmp]# ipsec --version
Linux Libreswan 3.master-201936.git (netkey) on 4.9.119
[root at DA70N-051656 tmp]# service ipsec start
Starting pluto IKE daemon for IPsec: Warning: found possible XFRM IPsec
stack loaded - attempting to unload...
| pfkey_msg_hdr_build:
| pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbe9945c4
pfkey_ext=0p0xbe9947f8 *pfkey_ext=0p(nil).
| pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbe9945c4
pfkey_ext=0p0xbe9947f8 *pfkey_ext=0p0xbaa150.
| pfkey_msg_build: extensions[0] needs 16 bytes
| pfkey_msg_build: pfkey_msg=0p0xbaa168 allocated 16 bytes,
&(extensions[0])=0p0xbe9947f8
| pfkey_msg_parse: parsing message ver=2, type=9(flush), errno=0,
satype=0(UNKNOWN), len=2, res=0, seq=1, pid=24849.
| pfkey_msg_parse: remain=0
| pfkey_extensions_free:Free extension 0 (16)
.
[root at DA70N-051656 tmp]# ipsec --version
Linux Libreswan 3.master-201936.git (klips) on 4.9.119
[root at DA70N-051656 tmp]# lsmod | grep ipsec
ipsec 374430 2
[root at DA70N-051656 tmp]#
If I try to stop it, It still crashes _something_
-Brian
More information about the Swan
mailing list