[Openswan dev] Re: [Openswan Users] Invalid argument NULL

Herbert Xu herbert at gondor.apana.org.au
Sun Aug 15 22:25:48 CEST 2004

On Sun, Aug 15, 2004 at 08:36:59PM +1000, Herbert Xu wrote:
> Jiva DeVoe <jiva at ixiacom.com> wrote:
> > Am trying to set up a couple of crypto_NULL tunnels... (I know, insecure,
> > that's ok... )  I have the module loaded, but I'm getting the following
> > error in pluto's logs:
> > 
> > ERROR: netlink response for Add SA esp.ff31fffb@<ip obscured> included errno
> > 22: Invalid argument
> > 
> > I presume this is something to do with setkey... Any suggestions on what I'm
> > doing wrong?
> You aren't doing anything wrong.  The IPsec stack is :)

It turns out that xfrm_user isn't filling in x->props.ealgo or any of
the other algo values! I guess no one ever noticed because we rely on
the reqid to pick the right SA rather than the values in props.

Unfortunately ESP's init_state function looks at x->props.ealgo to
decide whether it's a NULL transform or not.

That may be something that we want to fix in itself.  However,
for the moment we should probably fill in x->props.*algo since it
is used elsewhere in the IPsec stack.  For example, the user may
create a template that has ealgos set which will require x->props.ealgo
to be set properly.

Come to think of it again, we only check/use aalgo anyway.  Maybe I should
forget about setting these values and just fix esp_init_state?

In any case, here is a really ugly patch to fill in those values for
xfrm_user.  Please let me know of any clean-ups or better ways of doing

Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>

Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-------------- next part --------------
===== net/xfrm/xfrm_user.c 1.48 vs edited =====
--- 1.48/net/xfrm/xfrm_user.c	2004-08-12 19:59:52 +10:00
+++ edited/net/xfrm/xfrm_user.c	2004-08-15 21:07:03 +10:00
@@ -155,15 +155,24 @@
 	return err;
-static int attach_one_algo(struct xfrm_algo **algpp, struct rtattr *u_arg)
+static int attach_one_algo(struct xfrm_algo **algpp, u8 *props,
+			   struct xfrm_algo_desc *(*get_byname)(char *),
+			   struct rtattr *u_arg)
 	struct rtattr *rta = u_arg;
 	struct xfrm_algo *p, *ualg;
+	struct xfrm_algo_desc *algo;
 	if (!rta)
 		return 0;
 	ualg = RTA_DATA(rta);
+	algo = get_byname(ualg->alg_name);
+	if (!algo)
+		return -ENOSYS;
+	*props = algo->desc.sadb_alg_id;
 	p = kmalloc(sizeof(*ualg) + ualg->alg_key_len, GFP_KERNEL);
 	if (!p)
 		return -ENOMEM;
@@ -216,11 +225,17 @@
 	copy_from_user_state(x, p);
-	if ((err = attach_one_algo(&x->aalg, xfrma[XFRMA_ALG_AUTH-1])))
+	if ((err = attach_one_algo(&x->aalg, &x->props.aalgo,
+				   xfrm_aalg_get_byname,
+				   xfrma[XFRMA_ALG_AUTH-1])))
 		goto error;
-	if ((err = attach_one_algo(&x->ealg, xfrma[XFRMA_ALG_CRYPT-1])))
+	if ((err = attach_one_algo(&x->ealg, &x->props.ealgo,
+				   xfrm_ealg_get_byname,
+				   xfrma[XFRMA_ALG_CRYPT-1])))
 		goto error;
-	if ((err = attach_one_algo(&x->calg, xfrma[XFRMA_ALG_COMP-1])))
+	if ((err = attach_one_algo(&x->calg, &x->props.calgo,
+				   xfrm_calg_get_byname,
+				   xfrma[XFRMA_ALG_COMP-1])))
 		goto error;
 	if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1])))
 		goto error;

More information about the Dev mailing list