Hello,

I’m trying to set up an HA strongswan cluster. I encounter an issue. I’m trying 
to use the latest Ubuntu LTS (18.04) with kernel 4.15.x.

I managed to rebuild it with the 4.15.7 HA patch, but this kernel panics very 
often. I think the issue is because the Ubuntu kernel enables 
CONFIG_XFRM_OFFLOAD by default.

In the strongswan kernel branch, the commit "xfrm: Add XFRM replay failover 
function to increment outgoing sequence numbers" adds a failover function to 
struct xfrm_replay, but this field is populated only when CONFIG_XFRM_OFFLOAD 
is disabled 
(https://git.strongswan.org/?p=linux-dumm.git;a=commitdiff;h=411c1f9e1b566f316bdc33c79ad32aa0950ac963). 
As this field is not properly set up, each time the code tries to call
the failover function, it results in a null pointer access and a kernel panic.

So my question is: what is the proper way to fix this?
Was the CONFIG_XFRM_OFFLOAD missing failover an oversight, so that I can safely 
populate the failover field in xfrm_replay.c,
or is it intentional because using CONFIG_XFRM_OFFLOAD introduces some known 
incompatibility with the HA patch?
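
A userspace C model of the failure mode described in the post, added here as an illustration; it is not code from the strongSwan HA patch or the Linux kernel. All struct, function and table names are hypothetical. It shows an ops table whose newly added hook was left unset in one variant, a call-site guard, and a check that rejects the incomplete table before use.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model only: every name here is hypothetical, not the kernel's. */
struct replay_state { uint32_t oseq; };            /* outgoing sequence number */

struct replay_ops {
    int (*overflow)(struct replay_state *st);
    int (*failover)(struct replay_state *st, uint32_t delta); /* patch-added hook */
};

static int overflow_step(struct replay_state *st)
{
    if (st->oseq == UINT32_MAX)
        return -EOVERFLOW;
    st->oseq++;
    return 0;
}

static int failover_bump(struct replay_state *st, uint32_t delta)
{
    if (delta > UINT32_MAX - st->oseq)
        return -EOVERFLOW;              /* refuse to wrap the counter */
    st->oseq += delta;
    return 0;
}

/* One table got the new hook, the other (offload build, per the post) did not. */
const struct replay_ops ops_plain   = { overflow_step, failover_bump };
const struct replay_ops ops_offload = { overflow_step, NULL };

/* Call-site guard: a missing hook becomes an error return, not a NULL call. */
int failover_checked(const struct replay_ops *ops, struct replay_state *st,
                     uint32_t delta)
{
    if (ops == NULL || ops->failover == NULL)
        return -EOPNOTSUPP;
    return ops->failover(st, delta);
}

/* Registration-time check: reject an incomplete table before it is ever used. */
int replay_ops_validate(const struct replay_ops *ops)
{
    if (ops == NULL || ops->overflow == NULL || ops->failover == NULL)
        return -EINVAL;
    return 0;
}
```

In this model the guard only turns the crash into an error return; the sequence number on the table without the hook is left unchanged.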
