[Openswan dev] ARM unaligned bug

Albert Veli albert.veli at gmail.com
Thu Jan 21 13:07:04 EST 2010 

Hi!

If I do a couple of tiny modifications then it works on my two ARMs
here. In include/packet.h it says size of isakmp_hdr is 20. But my GDB
insists on 28 so I changed from

#define NSIZEOF_isakmp_hdr      20

to

#define NSIZEOF_isakmp_hdr      28

This works for the ARMs, but I don't know about other architectures.

The other change was in packet.c. I commented out:

passert(pl[NOFFSETOF_isag_np] == ISAKMP_NEXT_NONE);

When I come to this line pl has the hex values: 0D 00 00 14,
ISAKMP_NEXT_NONE is defined to 0. But 0xd is ISAKMP_NEXT_VID if I
understand correctly. I am not familiar with the protocol, but that is
what the debugger says.

If VID is optional (I'm speculating here), maybe this line could do:
passert(pl[NOFFSETOF_isag_np] == ISAKMP_NEXT_NONE ||
pl[NOFFSETOF_isag_np] == ISAKMP_NEXT_VID);

I tried it and it works. The log file looks good.

...
pluto[500]: "ipsec1"[1] 88.88.88.88 #1: enabling possible
NAT-traversal with method 4
pluto[500]: "ipsec1"[1] 88.88.88.88 #1: transition from state
STATE_AGGR_R0 to state STATE_AGGR_R1
pluto[500]: "ipsec1"[1] 88.88.88.88 #1: STATE_AGGR_R1: sent AR1, expecting AI2
pluto[500]: "ipsec1"[1] 88.88.88.88 #1: NAT-Traversal: Result using
RFC 3947 (NAT-Traversal): no NAT detected
...

Patch file for this small change:

diff -urN openswan-2.6.24-orig/include/packet.h openswan-2.6.24/include/packet.h
--- openswan-2.6.24-orig/include/packet.h	2010-01-21 18:04:44.000000000 +0100
+++ openswan-2.6.24/include/packet.h	2010-01-21 18:05:16.000000000 +0100
@@ -166,7 +166,7 @@
  * require them to be zero).
  */

-#define NSIZEOF_isakmp_hdr      20      /* on-the-wire sizeof struct
isakmpg_hdr */
+#define NSIZEOF_isakmp_hdr      28      /* on-the-wire sizeof struct
isakmpg_hdr */
 #define NOFFSETOF_isa_np        8       /* on-the-wire offset of
isa_np (one octet) */
 #define NOFFSETOF_isag_length   2       /* on-the-wire offset of
isag_length (two octets, network order */
 #define NOFFSETOF_isag_np       0       /* on-the-wire offset of
isag_np (one octet) */
diff -urN openswan-2.6.24-orig/lib/libpluto/packet.c
openswan-2.6.24/lib/libpluto/packet.c
--- openswan-2.6.24-orig/lib/libpluto/packet.c	2010-01-21
18:04:44.000000000 +0100
+++ openswan-2.6.24/lib/libpluto/packet.c	2010-01-21 18:05:24.000000000 +0100
@@ -1685,7 +1685,7 @@
 		passert(left >= pllen);
 		if (left == pllen) {
 			/* found last top-level payload */
-			passert(pl[NOFFSETOF_isag_np] == ISAKMP_NEXT_NONE);
+			passert(pl[NOFFSETOF_isag_np] == ISAKMP_NEXT_NONE ||
pl[NOFFSETOF_isag_np] == ISAKMP_NEXT_VID);
 			pl[NOFFSETOF_isag_np] = np;
 			break;  /* done */
 		} else {




Thanks for all the good work guys!


/Albert


On Thu, Jan 21, 2010 at 4:03 AM, Paul Wouters <paul at xelerance.com> wrote:
> On Wed, 20 Jan 2010, Albert Veli wrote:
>
> Albert,
>
> Could you confirm the following patch works on your ARM?
>
> Thanks for your time! And thanks to Hugh for the patch!
>
> Paul

More information about the Dev mailing list