On Sun, Aug 15, 2004 at 08:36:59PM +1000, Herbert Xu wrote:
> Jiva DeVoe <jiva@xxxxxxxxxxx> wrote:
> > Am trying to set up a couple of crypto_NULL tunnels... (I know, insecure,
> > that's ok... ) I have the module loaded, but I'm getting the following
> > error in pluto's logs:
> >
> > ERROR: netlink response for Add SA esp.ff31fffb@<ip obscured> included errno
> > 22: Invalid argument
> >
> > I presume this is something to do with setkey... Any suggestions on what I'm
> > doing wrong?
>
> You aren't doing anything wrong. The IPsec stack is :)

It turns out that xfrm_user isn't filling in x->props.ealgo or any of
the other algo values! I guess no one ever noticed because we rely on
the reqid to pick the right SA rather than the values in props.
Unfortunately ESP's init_state function looks at x->props.ealgo to
decide whether it's a NULL transform or not.

That may be something that we want to fix in itself. However,
for the moment we should probably fill in x->props.*algo since it
is used elsewhere in the IPsec stack. For example, the user may
create a template that has ealgos set which will require x->props.ealgo
to be set properly.

Come to think of it again, we only check/use aalgo anyway. Maybe I should
forget about setting these values and just fix esp_init_state?

In any case, here is a really ugly patch to fill in those values for
xfrm_user. Please let me know of any clean-ups or better ways of doing
this.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
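
A simplified user-space model of the failure described in this message, added here as an illustration; it is not the attached patch or kernel code. The struct, the function names, the name-to-id table and the zero-key-length condition in the check are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* PF_KEY encryption algorithm ids (RFC 2367). */
#define SADB_EALG_NONE    0
#define SADB_EALG_3DESCBC 3
#define SADB_EALG_NULL    11

/* Hypothetical, simplified stand-in for the SA state discussed above. */
struct model_state {
    const char *ealg_name;   /* algorithm name as supplied by the caller */
    unsigned    ealg_keylen; /* key length in bits */
    int         props_ealgo; /* models x->props.ealgo */
};

/* Constructed name-to-id table, for illustration only. */
static const struct { const char *name; int id; } ealg_ids[] = {
    { "cipher_null", SADB_EALG_NULL },
    { "des3_ede",    SADB_EALG_3DESCBC },
};

static int lookup_ealgo(const char *name)
{
    for (size_t i = 0; i < sizeof(ealg_ids) / sizeof(ealg_ids[0]); i++)
        if (strcmp(ealg_ids[i].name, name) == 0)
            return ealg_ids[i].id;
    return SADB_EALG_NONE;
}

/* fill_props = 0 leaves the id unset; 1 derives it from the name. */
static struct model_state add_sa(const char *name, unsigned keylen, int fill_props)
{
    struct model_state x = { name, keylen,
                             fill_props ? lookup_ealgo(name) : SADB_EALG_NONE };
    return x;
}

/* Assumed check: a zero-length key is valid only for the NULL transform. */
static int model_esp_init(const struct model_state *x)
{
    if (x->ealg_keylen == 0 && x->props_ealgo != SADB_EALG_NULL)
        return -EINVAL;
    return 0;
}

int main(void)
{
    struct model_state a = add_sa("cipher_null", 0, 0), b = add_sa("cipher_null", 0, 1);
    printf("props unset: %d, props filled: %d\n", model_esp_init(&a), model_esp_init(&b));
    return 0;
}
```

In this model a keyed cipher passes the check whether or not the id is filled in, so only the NULL transform exposes the missing value.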