IPSec and NAT-T problems in SADB-UPDATE

Hi,

I am using Linux IPSec and NAT-T support for my server and using it
with Windows Vista clients. Once the SAs are established, after
NAT-T the update to the SAs with the port change information using the
pfkey is done.

The (x->type->init_state(x, NULL)) call inside pfkey_msg2xfrm_state()
increases the handle to the module esp4.
So after the SA update, if I look at the module usage using the lsmod
command, I see a usage count of 4 (instead of 2, as the
SADB_UPDATE is an update to an existing SA). Even after deleting the
SAs, those extra two references to the esp4 kernel module are not
removed; they remain there.
When lots of clients connect to the server, after several days/months
the usage count for the module esp4 keeps increasing and the box needs
a restart to keep going.

Has anyone seen this issue, or was there a separate patch for this issue?

Thanks,
Bye,
Kannan.J
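
Added example, not part of the original post: a shell check that compares the esp4 use count from /proc/modules with the number of ESP SAs listed by `ip xfrm state`, to spot the surplus references described above. It assumes one esp4 reference per installed IPv4 ESP SA (as the post's count of 2 for an SA pair implies); the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the esp4 module use count with the number of
# installed ESP SAs. Assumption (from the post's counts): one module
# reference per IPv4 ESP SA, so any surplus is a leaked reference.

# esp4_refcount FILE: print the use count (3rd field) of esp4 from
# /proc/modules-format text; prints 0 if the module is not listed.
esp4_refcount() {
    awk '$1 == "esp4" { n = $3; found = 1 } END { print (found ? n : 0) }' "$1"
}

# esp_sa_count FILE: count "proto esp" entries in `ip xfrm state` output.
esp_sa_count() {
    awk '$1 == "proto" && $2 == "esp" { n++ } END { print n + 0 }' "$1"
}

# esp4_surplus MODULES_FILE XFRM_FILE: print use count minus SA count.
esp4_surplus() {
    refs=$(esp4_refcount "$1")
    sas=$(esp_sa_count "$2")
    echo $((refs - sas))
}

# Constructed sample input: one NAT-T SA pair, esp4 use count of 4.
sample_dir=$(mktemp -d)
cat > "$sample_dir/modules" <<'EOF'
xfrm4_mode_transport 2816 2 - Live 0xf8a10000
esp4 8064 4 - Live 0xf8a2b000
af_key 30000 0 - Live 0xf8a30000
EOF
cat > "$sample_dir/xfrm" <<'EOF'
src 192.0.2.10 dst 198.51.100.7
    proto esp spi 0x0a0b0c0d reqid 1 mode transport
    encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
src 198.51.100.7 dst 192.0.2.10
    proto esp spi 0x01020304 reqid 1 mode transport
    encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
EOF

surplus=$(esp4_surplus "$sample_dir/modules" "$sample_dir/xfrm")
if [ "$surplus" -gt 0 ]; then
    echo "esp4: $surplus reference(s) not accounted for by installed SAs"
fi
rm -rf "$sample_dir"
```

On a live system, pass /proc/modules as the first argument and a file holding the output of `ip xfrm state` (run as root) as the second; a surplus that keeps growing across SA updates and deletions matches the behaviour reported above.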