From: Ard v. B. <ar...@kw...> - 2004-07-21 11:48:26
On Tue, Jul 20, 2004 at 11:36:22AM +0200, Ard van Breemen wrote:
> So, I am just curious what has changed (I will eventually find
> it, but I will appreciate a kick in the right direction) to find
> out what causes racoon not to update the SPD's anymore.
> (Yes, yes, setkey -PF etc... I know, that's not really the issue,
> the policy is really generated, and then it expires)

Hmmm, currently testing:
racoon: 0.2.2
libipsec: 0.3.3
kernel: 2.6.7-rc2 vs 2.6.8-rc2

The most interesting part: it says it is *updating* the SPD, but at the moment that appears, the SPD disappears, even though it had 32 seconds life-time left.

A "patched" version of racoon 0.3.3 (the one that lies in isakmp_quick about an SPD being available) exhibits the same behaviour: as soon as it updates the SPD, it receives an X_SPDUPDATE, and the SPD's disappear.

Either something is wrong with my systems (debian sid, gcc 3.3.3 and gcc 3.3.4), or this might be the same kernel bug that has been haunting me when I compiled with PREEMPT=y. (After the spd times out, schedule is called within an atomic/spin_locked region.)

Just to let me know I am not insane: does anybody else have problems with "generate_policy on" and expired SPD's? Or for that matter: problems with temporary SPD's and kernel 2.6.7 and higher?

My working kernel is 2.4.24 with the backport as found in debian unstable, and ipsec-tools 0.2.2 compiled against that kernel. (No, I do not use RSA, so I don't think there were security bugs to bite me).