[Swan] klips + ipsec whack --shutdown causes lockup

Brian T btuch at usa.net
Fri Sep 6 19:46:04 UTC 2019


On 9/6/2019 10:44 AM, Brian T wrote:
>> You still have XFRM loaded or compiled in?

I have narrowed it down to these 4 config entries, but I cannot get them 
to disable
CONFIG_XFRM=y
CONFIG_XFRM_ALGO=m
CONFIG_XFRM_IPCOMP=m
CONFIG_INET6_XFRM_TUNNEL=m

With those 4 configured, when starting ipsec (before ipsec.ko is loaded) 
I get :

[root at DA70N-051656 tmp]# lsmod | grep ipsec
[root at DA70N-051656 tmp]# ipsec --version
Linux Libreswan 3.master-201936.git (netkey) on 4.9.119
[root at DA70N-051656 tmp]# service ipsec start
Starting pluto IKE daemon for IPsec: Warning: found possible XFRM IPsec 
stack loaded - attempting to unload...
| pfkey_msg_hdr_build:

| pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbe9945c4 
pfkey_ext=0p0xbe9947f8 *pfkey_ext=0p(nil).

| pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbe9945c4 
pfkey_ext=0p0xbe9947f8 *pfkey_ext=0p0xbaa150.

| pfkey_msg_build: extensions[0] needs 16 bytes

| pfkey_msg_build: pfkey_msg=0p0xbaa168 allocated 16 bytes, 
&(extensions[0])=0p0xbe9947f8

| pfkey_msg_parse: parsing message ver=2, type=9(flush), errno=0, 
satype=0(UNKNOWN), len=2, res=0, seq=1, pid=24849.

| pfkey_msg_parse: remain=0

| pfkey_extensions_free:Free extension 0 (16)
.
[root at DA70N-051656 tmp]# ipsec --version
Linux Libreswan 3.master-201936.git (klips) on 4.9.119
[root at DA70N-051656 tmp]# lsmod | grep ipsec
ipsec                 374430  2
[root at DA70N-051656 tmp]#

If I try to stop it, It still crashes _something_

-Brian



More information about the Swan mailing list