[Openswan dev] Re: [Openswan Users] Invalid argument NULL
Herbert Xu
herbert at gondor.apana.org.au
Sun Aug 15 21:36:59 CEST 2004
Jiva DeVoe <jiva at ixiacom.com> wrote:
> Am trying to set up a couple of crypto_NULL tunnels... (I know, insecure,
> that's ok... ) I have the module loaded, but I'm getting the following
> error in pluto's logs:
>
> ERROR: netlink response for Add SA esp.ff31fffb@<ip obscured> included errno
> 22: Invalid argument
>
> I presume this is something to do with setkey... Any suggestions on what I'm
> doing wrong?
You aren't doing anything wrong. The IPsec stack is :)
It's basically a code path that no one has ever tried.
There is a bug in Openswan (my fault) which is fixed by the patch
below.
There is also at least one kernel bug which I'll chase up with the
Linux maintainers.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
Index: programs/pluto/kernel.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel.c,v
retrieving revision 1.210
diff -u -r1.210 kernel.c
--- programs/pluto/kernel.c 14 Jun 2004 01:46:02 -0000 1.210
+++ programs/pluto/kernel.c 15 Aug 2004 10:40:06 -0000
@@ -1912,7 +1912,7 @@
said_next->dst_client = &dst_client;
said_next->spi = ipcomp_spi;
said_next->satype = SADB_X_SATYPE_COMP;
- said_next->encalg = compalg;
+ said_next->compalg = compalg;
said_next->encapsulation = encapsulation;
said_next->reqid = c->spd.reqid + 2;
said_next->text_said = text_said;
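Review bot: With `said_next->encalg` no longer assigned on the changed line, the IPCOMP entry depends on `encalg` already being zero, because kernel_netlink.c now tests `if (sa->encalg)` and kernel_pfkey.c uses `sa->encalg ? sa->encalg: sa->compalg`. The initialisation of `*said_next` is not visible in this hunk; please confirm the entry is zeroed before this block, or set `said_next->encalg = 0` explicitly next to the `compalg` assignment.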
Index: programs/pluto/kernel.h
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel.h,v
retrieving revision 1.42
diff -u -r1.42 kernel.h
--- programs/pluto/kernel.h 1 Jun 2004 14:43:20 -0000 1.42
+++ programs/pluto/kernel.h 15 Aug 2004 10:40:06 -0000
@@ -63,6 +63,8 @@
unsigned enckeylen;
char *enckey;
+ unsigned compalg;
+
int encapsulation;
#ifdef NAT_TRAVERSAL
u_int16_t natt_sport, natt_dport;
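Review bot: The new `unsigned compalg;` member has no comment, yet the rest of the patch gives it sentinel semantics: `if (sa->compalg)` in kernel_netlink.c treats 0 as "no compression". Please document that on the declaration, and say that the field is only meaningful for `SADB_X_SATYPE_COMP` entries, so callers filling in the struct know `encalg` is no longer the place for the IPCOMP transform.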
Index: programs/pluto/kernel_netlink.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel_netlink.c,v
retrieving revision 1.19
diff -u -r1.19 kernel_netlink.c
--- programs/pluto/kernel_netlink.c 1 Jun 2004 14:43:20 -0000 1.19
+++ programs/pluto/kernel_netlink.c 15 Aug 2004 10:40:15 -0000
@@ -608,7 +608,7 @@
attr = (struct rtattr *)((char *)&req + req.n.nlmsg_len);
- if (sa->authkeylen)
+ if (sa->authalg)
{
struct xfrm_algo algo;
const char *name;
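Review bot: Switching the test to `if (sa->authalg)` means this block is now entered with `sa->authkeylen == 0`, which the old condition never allowed. The body that fills in `struct xfrm_algo` and copies the key is outside the hunk; please check that it copes with a zero key length and a possibly NULL `authkey`, and that the attribute length is still computed correctly in that case.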
@@ -634,7 +634,7 @@
attr = (struct rtattr *)((char *)attr + attr->rta_len);
}
- if (sa->enckeylen)
+ if (sa->encalg)
{
struct xfrm_algo algo;
const char *name;
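Review bot: The new `if (sa->encalg)` test makes the algorithm id, not the key length, decide whether the encryption attribute is sent, and nothing in the hunk says so. A one-line comment at this test (and at `if (sa->authalg)` above) explaining that a zero-length key is valid here would keep a later cleanup from reverting to `enckeylen` and reintroducing the failure.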
@@ -660,15 +660,15 @@
attr = (struct rtattr *)((char *)attr + attr->rta_len);
}
- if (sa->satype == SADB_X_SATYPE_COMP)
+ if (sa->compalg)
{
struct xfrm_algo algo;
const char *name;
- name = sparse_name(calg_list, sa->encalg);
+ name = sparse_name(calg_list, sa->compalg);
if (!name) {
loglog(RC_LOG_SERIOUS, "unknown compression algorithm: %u"
- , sa->encalg);
+ , sa->compalg);
return FALSE;
}
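Review bot: Replacing `if (sa->satype == SADB_X_SATYPE_COMP)` with `if (sa->compalg)` drops an error path: a COMP SA whose `compalg` is 0 now skips this block silently, where the old code would have reached the "unknown compression algorithm" log and returned FALSE. Consider keeping the satype test and rejecting `compalg == 0` inside it, or adding an explicit check that a `SADB_X_SATYPE_COMP` request carries a non-zero `compalg`.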
Index: programs/pluto/kernel_pfkey.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel_pfkey.c,v
retrieving revision 1.14
diff -u -r1.14 kernel_pfkey.c
--- programs/pluto/kernel_pfkey.c 1 Jun 2004 14:43:20 -0000 1.14
+++ programs/pluto/kernel_pfkey.c 15 Aug 2004 10:40:26 -0000
@@ -814,7 +814,7 @@
, SADB_EXT_SA
, sa->spi /* in network order */
, sa->replay_window, SADB_SASTATE_MATURE
- , sa->authalg, sa->encalg, 0)
+ , sa->authalg, sa->encalg ? sa->encalg: sa->compalg, 0)
, "pfkey_sa Add SA", sa->text_said, extensions)
&& pfkeyext_address(SADB_EXT_ADDRESS_SRC, sa->src
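Review bot: The expression `sa->encalg ? sa->encalg: sa->compalg` picks the field by value, so if both are ever set the compression id is dropped without any diagnostic. Selecting on the SA type reads more clearly and matches the intent, for example `sa->satype == SADB_X_SATYPE_COMP ? sa->compalg : sa->encalg`. As a style point, the ternary is also missing a space before the colon.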