LTC Owner is: bugrobot.com LTC Originator is: gcwilson.com Problem description: Racoon SPD dump requests via PF_KEY result in a an incomplete set of entries being returned to userspace then the number of entries exceeds available socket buffer space. This is a know PF_KEY issue. TCS is working on a solution that involves using netlink for SPD dumps, and PF_KEY for everything else. It is an open question whether this approach will be acceptable to the ipsec-tools maintainers. This bug report exists to track the TCS work into FC5 and RHEL5. Here is a top-level post on ipsec-tools-devel: http://sourceforge.net/mailarchive/forum.php?thread_id=9674898&forum_id=32000 If this is a customer issue, please indicate the impact to the customer: Customers using ipsec-tools cannot use racoon and setkey to manage all the SPD entries when the number if entries is large (several thousand entries). If this is not an installation problem, Describe any custom patches installed. Provide output from "uname -a", if possible: NA. This issue is present in both the Linux and BSD IPsec implementations. Hardware Environment Machine type (p650, x235, SF2, etc.): NA Cpu type (Power4, Power5, IA-64, etc.): NA Describe any special hardware you think might be relevant to this problem: NA Please provide contact information if the submitter is not the primary contact. Please provide access information for the machine if it is available. Is this reproducible? If so, how long does it (did it) take to reproduce it? Unknown. Describe the steps: Establish a large SPD, use setkey to dump it, not all entries are returned. If not, describe how the bug was encountered: Know bug causing issues with IPsec/SELinux labeled network testing for LSPP. Is the system (not just the application) hung? No. If so, describe how you determined this: Did the system produce an OOPS message on the console? No. If so, copy it here: Is the system sitting in a debugger right now? No. If so, how long may it stay there? Additional information:
These bugs are being closed since a large number of updates have been released after the FC5 test1 and test2 releases. Kindly update your system by running yum update as root user or try out the third and final test version of FC5 being released in a short while and verify if the bugs are still present on the system .Reopen or file new bug reports as appropriate after confirming the presence of this issue. Thanks
Rahul, please do not close this bug unless yoou've tested that it works. This bug blocks our work for LSPP.
Can we assign it against fedora-devel instead of one of the test versions. That would help me triage better.
One more thing. It would also help to change status to assigned instead of new for reports that the developers are already working on.
Patch was applied in April. Closing this bug.