Red Hat Bugzilla – Bug 181617
LTC21679-PF_KEY does not dump all IPsec SPD entries
Last modified: 2007-11-30 17:11:24 EST
LTC Owner is: firstname.lastname@example.org
LTC Originator is: email@example.com
Problem description: Racoon SPD dump requests via PF_KEY result in an
incomplete set of entries being returned to userspace when the number of entries
exceeds available socket buffer space. This is a known PF_KEY issue. TCS is
working on a solution that involves using netlink for SPD dumps, and PF_KEY for
everything else. It is an open question whether this approach will be
acceptable to the ipsec-tools maintainers. This bug report exists to track the
TCS work into FC5 and RHEL5. Here is a top-level post on ipsec-tools-devel:
If this is a customer issue, please indicate the impact to the customer:
Customers using ipsec-tools cannot use racoon and setkey to manage all the SPD
entries when the number of entries is large (several thousand entries).
If this is not an installation problem,
Describe any custom patches installed.
Provide output from "uname -a", if possible: NA. This issue is present
in both the Linux and BSD IPsec implementations.
Machine type (p650, x235, SF2, etc.): NA
Cpu type (Power4, Power5, IA-64, etc.): NA
Describe any special hardware you think might be relevant to this problem: NA
Please provide contact information if the submitter is not the primary contact.
Please provide access information for the machine if it is available.
Is this reproducible?
If so, how long does it (did it) take to reproduce it? Unknown.
Describe the steps: Establish a large SPD, use setkey to dump it, not all
entries are returned.
If not, describe how the bug was encountered: Known bug causing issues with
IPsec/SELinux labeled network testing for LSPP.
Is the system (not just the application) hung? No.
If so, describe how you determined this:
Did the system produce an OOPS message on the console? No.
If so, copy it here:
Is the system sitting in a debugger right now? No.
If so, how long may it stay there?
These bugs are being closed since a large number of updates have been released
after the FC5 test1 and test2 releases. Kindly update your system by running yum
update as root user or try out the third and final test version of FC5 being
released in a short while and verify if the bugs are still present on the system.
Reopen or file new bug reports as appropriate after confirming the presence of
this issue. Thanks
Rahul, please do not close this bug unless you've tested that it works. This
bug blocks our work for LSPP.
Can we assign it against fedora-devel instead of one of the test versions? That
would help me triage better.
One more thing. It would also help to change status to assigned instead of new
for reports that the developers are already working on.
Patch was applied in April. Closing this bug.