[Openswan dev] Re: [Openswan Users] Invalid argument NULL

Herbert Xu herbert at gondor.apana.org.au
Sun Aug 15 21:36:59 CEST 2004


Jiva DeVoe <jiva at ixiacom.com> wrote:
> Am trying to set up a couple of crypto_NULL tunnels... (I know, insecure,
> that's ok... )  I have the module loaded, but I'm getting the following
> error in pluto's logs:
> 
> ERROR: netlink response for Add SA esp.ff31fffb@<ip obscured> included errno
> 22: Invalid argument
> 
> I presume this is something to do with setkey... Any suggestions on what I'm
> doing wrong?

You aren't doing anything wrong.  The IPsec stack is :)

It's basically a code path that no one has ever tried.

There is a bug in Openswan (my fault) which is fixed by the patch
below.

There is also at least one kernel bug which I'll chase up with the
Linux maintainers.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
Index: programs/pluto/kernel.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel.c,v
retrieving revision 1.210
diff -u -r1.210 kernel.c
--- programs/pluto/kernel.c	14 Jun 2004 01:46:02 -0000	1.210
+++ programs/pluto/kernel.c	15 Aug 2004 10:40:06 -0000
@@ -1912,7 +1912,7 @@
         said_next->dst_client = &dst_client;
         said_next->spi = ipcomp_spi;
         said_next->satype = SADB_X_SATYPE_COMP;
-        said_next->encalg = compalg;
+        said_next->compalg = compalg;
         said_next->encapsulation = encapsulation;
         said_next->reqid = c->spd.reqid + 2;
         said_next->text_said = text_said;
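
Review bot: with the `said_next->encalg = compalg;` assignment removed, nothing visible in this hunk sets encalg for the IPCOMP SA, while kernel_netlink.c now decides whether to attach an encryption attribute by testing `sa->encalg` for non-zero. Please confirm that *said_next is zeroed before this block, or add an explicit `said_next->encalg = 0;` next to the new `said_next->compalg = compalg;` line, so a stale value cannot put an encryption algorithm on the compression SA.
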
Index: programs/pluto/kernel.h
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel.h,v
retrieving revision 1.42
diff -u -r1.42 kernel.h
--- programs/pluto/kernel.h	1 Jun 2004 14:43:20 -0000	1.42
+++ programs/pluto/kernel.h	15 Aug 2004 10:40:06 -0000
@@ -63,6 +63,8 @@
 	unsigned enckeylen;
 	char *enckey;
 
+	unsigned compalg;
+
 	int encapsulation;
 #ifdef NAT_TRAVERSAL
 	u_int16_t natt_sport, natt_dport;
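
Review bot: the added `unsigned compalg;` member is undocumented. A short comment saying that it holds the compression algorithm id looked up in calg_list and that 0 means "no compression" would make the `if (sa->compalg)` test in kernel_netlink.c self-explanatory, and would make it clear that callers must zero this struct before filling it in.
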
Index: programs/pluto/kernel_netlink.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel_netlink.c,v
retrieving revision 1.19
diff -u -r1.19 kernel_netlink.c
--- programs/pluto/kernel_netlink.c	1 Jun 2004 14:43:20 -0000	1.19
+++ programs/pluto/kernel_netlink.c	15 Aug 2004 10:40:15 -0000
@@ -608,7 +608,7 @@
 
     attr = (struct rtattr *)((char *)&req + req.n.nlmsg_len);
 
-    if (sa->authkeylen)
+    if (sa->authalg)
     {
 	struct xfrm_algo algo;
 	const char *name;
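
Review bot: changing the condition to `if (sa->authalg)` means this block now runs when authalg is set but authkeylen is 0. The code that copies the key is outside the visible context, so please check that it copes with a zero-length key, and consider rejecting a non-zero authalg with authkeylen == 0 explicitly if that combination is never valid for authentication.
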
@@ -634,7 +634,7 @@
 	attr = (struct rtattr *)((char *)attr + attr->rta_len);
     }
 
-    if (sa->enckeylen)
+    if (sa->encalg)
     {
 	struct xfrm_algo algo;
 	const char *name;
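
Review bot: `if (sa->encalg)` needs a one-line comment explaining why the algorithm id is tested rather than enckeylen (a null cipher has a zero-length key but its algorithm attribute must still be sent), otherwise a later cleanup may quietly revert it. The test also assumes 0 is never a valid encryption algorithm id, which is worth stating in the same comment.
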
@@ -660,15 +660,15 @@
 	attr = (struct rtattr *)((char *)attr + attr->rta_len);
     }
 
-    if (sa->satype == SADB_X_SATYPE_COMP)
+    if (sa->compalg)
     {
 	struct xfrm_algo algo;
 	const char *name;
 
-	name = sparse_name(calg_list, sa->encalg);
+	name = sparse_name(calg_list, sa->compalg);
 	if (!name) {
 	    loglog(RC_LOG_SERIOUS, "unknown compression algorithm: %u"
-		, sa->encalg);
+		, sa->compalg);
 	    return FALSE;
 	}
 
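
Review bot: replacing `sa->satype == SADB_X_SATYPE_COMP` with `if (sa->compalg)` means a COMP SA whose compalg is 0 now skips this block entirely, so it never reaches the "unknown compression algorithm" log and is passed on without a compression attribute. Suggest keeping a guard that fails when satype is SADB_X_SATYPE_COMP and compalg is 0, so the misconfiguration is reported here instead of by the kernel.
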
Index: programs/pluto/kernel_pfkey.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel_pfkey.c,v
retrieving revision 1.14
diff -u -r1.14 kernel_pfkey.c
--- programs/pluto/kernel_pfkey.c	1 Jun 2004 14:43:20 -0000	1.14
+++ programs/pluto/kernel_pfkey.c	15 Aug 2004 10:40:26 -0000
@@ -814,7 +814,7 @@
 	    , SADB_EXT_SA
 	    , sa->spi	/* in network order */
 	    , sa->replay_window, SADB_SASTATE_MATURE
-	    , sa->authalg, sa->encalg, 0)
+	    , sa->authalg, sa->encalg ? sa->encalg: sa->compalg, 0)
 	, "pfkey_sa Add SA", sa->text_said, extensions)
 
     && pfkeyext_address(SADB_EXT_ADDRESS_SRC, sa->src
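
Review bot: `sa->encalg ? sa->encalg: sa->compalg` silently ignores compalg whenever encalg is non-zero, and it overloads the encrypt argument with a compression id without saying so. Selecting on `sa->satype == SADB_X_SATYPE_COMP` would make the intent explicit; at minimum add a comment, and put a space before the colon to match the rest of the expression.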