Re: Deadlock with icmpv6fuzz
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2009-01-28 09:35:22
On Tue, Jan 27, 2009 at 07:53:56AM +0000, Eric Sesterhenn wrote:
> With current -git I get a different issue (and the box stays alive)

I think I see the problem (though I must say that this code is really hairy, it's almost like I'm reading your average device driver!).

When a protocol such as raw or UDP parses extension headers it stores a pointer to the parsed option in ipv6_txoptions instead of copying the option. So as long as you only use it during the system call nothing bad happens, but once you put the cork on, the next send is going to go boom.

Any volunteers to fix this?

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
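
The lifetime problem described in the message above, as an added C sketch that is not kernel code and not from the original thread. The struct layouts, `cork_shallow`, `cork_deep` and the static scratch buffer (standing in for memory that is only valid during one system call) are all hypothetical; the sketch contrasts storing the parsed pointer with copying the option before corking.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a parsed extension header option (not the kernel struct). */
struct opt_hdr { unsigned char nexthdr, hdrlen, data[6]; };

/* Simplified stand-in for ipv6_txoptions: it holds only a pointer to the option. */
struct txoptions { struct opt_hdr *hdr; };

/* Cork state that outlives a single send call. */
struct cork { struct txoptions opt; struct opt_hdr *owned; };

/* Pattern described in the mail: keep the pointer into call-scoped memory. */
static void cork_shallow(struct cork *c, const struct txoptions *parsed)
{
    c->opt = *parsed;   /* pointer copied, option bytes are not */
    c->owned = NULL;
}

/* Corrected pattern: duplicate the option so the cork owns its bytes. */
static int cork_deep(struct cork *c, const struct txoptions *parsed)
{
    c->owned = malloc(sizeof(*c->owned));
    if (!c->owned)
        return -1;
    memcpy(c->owned, parsed->hdr, sizeof(*c->owned));
    c->opt.hdr = c->owned;
    return 0;
}

/* Models two sends on a corked socket; returns the hdrlen the second send sees. */
static int second_send_hdrlen(int deep)
{
    /* Constructed scratch buffer: models memory reused after the first call. */
    static struct opt_hdr call_scratch;
    struct txoptions parsed = { &call_scratch };
    struct cork c = { { NULL }, NULL };
    int seen;

    memset(&call_scratch, 0, sizeof(call_scratch));
    call_scratch.hdrlen = 1;                            /* first send: hdrlen 1 */
    if (deep) { if (cork_deep(&c, &parsed)) return -1; }
    else cork_shallow(&c, &parsed);
    memset(&call_scratch, 0xff, sizeof(call_scratch));  /* call ends, memory reused */
    seen = c.opt.hdr->hdrlen;                           /* second send reads corked option */
    free(c.owned);
    return seen;
}
```

The scratch buffer is kept alive on purpose so the sketch stays well-defined C; in the situation the mail describes, the stored pointer would refer to memory that is no longer valid at all.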