[Openswan dev] [Patch] Correction to aggressive mode IKE policy error message...

Michael H. Warfield mhw at WittsEnd.com
Fri Mar 12 10:30:49 EST 2010


Trivial patches are never.  That error message patch had an error in it
in that it contained a bogus DH group.  Corrected patch attached.  Sorry
about that.  Sigh...


On Fri, 2010-03-12 at 08:59 -0500, Michael H. Warfield wrote: 
> Ok...
> This is really a trivial fix to one of the error messages pointed to by
> Michael and Paul wrt the aggressive mode policy errors.
> On Thu, 2010-03-11 at 13:43 -0500, Michael Richardson wrote:
> > spdb_v1_struct.c, in the function:
> > 
> > bool
> > init_am_st_oakley(struct state *st, lset_t policy)
> > 
> > which is called in ikev1_aggr.c, in 
> > 
> >     if(init_am_st_oakley(st, policy) == FALSE) {
> >         loglog(RC_AGGRALGO, "can not initiate aggressive mode, at most one algorithm may be provided");
> >         reset_globals();
> >         return STF_FAIL;
> >     }
> > 
> > aggr_outI1(). 
> Ok...  That error message is incorrect, or, at least, imprecise.  That
> branch is not taken when there are multiple policies from the ike= line
> at all.  It's only taken when there is no ike= policy specified.  That
> needs to be clarified as it's confusing.  Instead, now, it should note
> that no policy was specified and the policy should provide only one DH
> group (and that only the first one will be honored if more than one is
> provided).  The attached patch will do this.  The log message may be
> overly long and verbose but I wanted to make it clear.  Obviously, this
> goes hand in hand with the multiproposal patch posted last night.
> Regards,
> Mike

Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-2.6.24-aggr-err.diff
Type: text/x-patch
Size: 1151 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20100312/20e61ccf/attachment.bin 