On Fri, Nov 08, 2002 at 12:27:15PM +0100, bert hubert wrote:
> On Fri, Nov 08, 2002 at 12:15:29PM +0100, bert hubert wrote:
>
> > This code locks up solid on any ipsec TCP traffic outgoing with this
> > configuration:
Bug is here:
+/* Optimize later using cookies and generation ids. */
+
static struct dst_entry *xfrm4_dst_check(struct dst_entry *dst, u32 cookie)
{
- dst_release(dst);
- return NULL;
+ struct dst_entry *child = dst;
+
+ while (child) {
+ if (child->obsolete > 0 ||
+ (child->xfrm && child->xfrm->km.state != XFRM_STATE_VALID)) {
+ dst_release(dst);
+ return NULL;
+ }
+ }
+
+ return dst;
}
Kernel enters a very tight loop here, I'm amazed that magic sysrq still
works, how is that?
Anyhow, this function smells but I'm not sure how it should be fixed,
perhaps child=child->next?
Regards,
bert
>
> Also with the following configuration:
>
> add 10.0.0.216 10.0.0.12 ah 24500 -A hmac-md5 "1234567890123456";
> spdadd 10.0.0.216 10.0.0.11 any -P out ipsec
> ah/transport//require;
>
> -or-
>
> add 10.0.0.216 10.0.0.12 esp 24501 -E 3des-cbc "123456789012123456789012";
> spdadd 10.0.0.216 10.0.0.11 any -P out ipsec
> esp/transport//require;
>
> 10.0.0.12 is a host which does not exist. 'telnet 10.0.0.12' locks up
> instantly. I'm unsure how to extract more data from my kernel.
>
> Regards,
>
> bert
>
> --
> http://www.PowerDNS.com Versatile DNS Software & Services
> http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
-- http://www.PowerDNS.com Versatile DNS Software & Services http://lartc.org Linux Advanced Routing & Traffic Control HOWTO - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Nov 15 2002 - 22:00:15 EST