* [Openswan dev] Re: [Openswan Users] Invalid argument NULL
From: Herbert Xu @ 2004-08-15 11:25 UTC
To: Jiva DeVoe; +Cc: users, dev, David S. Miller, netdev, kuznet
On Sun, Aug 15, 2004 at 08:36:59PM +1000, Herbert Xu wrote:
> Jiva DeVoe <jiva@ixiacom.com> wrote:
> > Am trying to set up a couple of crypto_NULL tunnels... (I know, insecure,
> > that's ok... ) I have the module loaded, but I'm getting the following
> > error in pluto's logs:
> >
> > ERROR: netlink response for Add SA esp.ff31fffb@<ip obscured> included errno
> > 22: Invalid argument
> >
> > I presume this is something to do with setkey... Any suggestions on what I'm
> > doing wrong?
>
> You aren't doing anything wrong. The IPsec stack is :)
It turns out that xfrm_user isn't filling in x->props.ealgo or any of
the other algo values! I guess no one ever noticed because we rely on
the reqid to pick the right SA rather than the values in props.
Unfortunately ESP's init_state function looks at x->props.ealgo to
decide whether it's a NULL transform or not.
That may be something that we want to fix in itself. However,
for the moment we should probably fill in x->props.*algo since it
is used elsewhere in the IPsec stack. For example, the user may
create a template that has ealgos set which will require x->props.ealgo
to be set properly.
Come to think of it again, we only check/use aalgo anyway. Maybe I should
forget about setting these values and just fix esp_init_state?
In any case, here is a really ugly patch to fill in those values for
xfrm_user. Please let me know of any clean-ups or better ways of doing
this.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[-- Attachment #2: p --]
[-- Type: text/plain, Size: 1519 bytes --]
===== net/xfrm/xfrm_user.c 1.48 vs edited =====
--- 1.48/net/xfrm/xfrm_user.c 2004-08-12 19:59:52 +10:00
+++ edited/net/xfrm/xfrm_user.c 2004-08-15 21:07:03 +10:00
@@ -155,15 +155,24 @@
return err;
}
-static int attach_one_algo(struct xfrm_algo **algpp, struct rtattr *u_arg)
+static int attach_one_algo(struct xfrm_algo **algpp, u8 *props,
+ struct xfrm_algo_desc *(*get_byname)(char *),
+ struct rtattr *u_arg)
{
struct rtattr *rta = u_arg;
struct xfrm_algo *p, *ualg;
+ struct xfrm_algo_desc *algo;
if (!rta)
return 0;
ualg = RTA_DATA(rta);
+
+ algo = get_byname(ualg->alg_name);
+ if (!algo)
+ return -ENOSYS;
+ *props = algo->desc.sadb_alg_id;
+
p = kmalloc(sizeof(*ualg) + ualg->alg_key_len, GFP_KERNEL);
if (!p)
return -ENOMEM;
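Review bot: ualg->alg_name is passed to get_byname() straight from RTA_DATA(rta), and nothing in these lines checks that the attribute payload is at least sizeof(*ualg) or that the name is NUL-terminated; a length and termination check before the lookup would keep the string compare inside the attribute. Separately, *props is written before kmalloc(), so an -ENOMEM return leaves the props field updated while *algpp is not; assigning *props after the allocation succeeds would keep the two in step.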
@@ -216,11 +225,17 @@
copy_from_user_state(x, p);
- if ((err = attach_one_algo(&x->aalg, xfrma[XFRMA_ALG_AUTH-1])))
+ if ((err = attach_one_algo(&x->aalg, &x->props.aalgo,
+ xfrm_aalg_get_byname,
+ xfrma[XFRMA_ALG_AUTH-1])))
goto error;
- if ((err = attach_one_algo(&x->ealg, xfrma[XFRMA_ALG_CRYPT-1])))
+ if ((err = attach_one_algo(&x->ealg, &x->props.ealgo,
+ xfrm_ealg_get_byname,
+ xfrma[XFRMA_ALG_CRYPT-1])))
goto error;
- if ((err = attach_one_algo(&x->calg, xfrma[XFRMA_ALG_COMP-1])))
+ if ((err = attach_one_algo(&x->calg, &x->props.calgo,
+ xfrm_calg_get_byname,
+ xfrma[XFRMA_ALG_COMP-1])))
goto error;
if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1])))
goto error;
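Review bot: at the three attach_one_algo() call sites, an absent attribute takes the helper's "if (!rta) return 0;" path, so x->props.aalgo, x->props.ealgo and x->props.calgo keep whatever copy_from_user_state() left in them. Since the cover message says ESP's init_state reads x->props.ealgo, a short comment (or an explicit initialisation) stating which value means "no algorithm supplied" would make that case visible to the next reader.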
* Re: [Openswan Users] Invalid argument NULL
From: David S. Miller @ 2004-08-16 2:53 UTC
To: Herbert Xu; +Cc: jiva, users, dev, kuznet, netdev
On Sun, 15 Aug 2004 21:25:48 +1000
Herbert Xu <herbert@gondor.apana.org.au> wrote:
> In any case, here is a really ugly patch to fill in those values for
> xfrm_user. Please let me know of any clean-ups or better ways of doing
> this.
I've applied this for now. There is a lot of duplication around
the xfrm structures of this kind of information.
Thanks.
* [Openswan dev] Re: [Openswan Users] Invalid argument NULL
From: Herbert Xu @ 2004-08-17 0:41 UTC
To: David S. Miller; +Cc: users, kuznet, netdev, dev
On Sun, Aug 15, 2004 at 07:53:13PM -0700, David S. Miller wrote:
>
> I've applied this for now. There is a lot of duplication around
> the xfrm structures of this kind of information.
Yes we've got the numbers in x->props and the names in the x->*algo
structure.
The question is do we go with the numbers or the names? On the face
of it the names look like a good idea. However, we can't do sets of
names as easily as we can do sets of numbers (the *algos mask in
xfrm_tmpl). Furthermore, for the actual IKE negotiation, numbers
are required anyway.
So maybe we should keep the numbers?
Cheers,
* Re: [Openswan Users] Invalid argument NULL
From: David S. Miller @ 2004-08-17 1:03 UTC
To: Herbert Xu; +Cc: jiva, users, dev, kuznet, netdev
On Tue, 17 Aug 2004 10:41:41 +1000
Herbert Xu <herbert@gondor.apana.org.au> wrote:
> So maybe we should keep the numbers?
If we take out the names, won't this break xfrm_user apps
that currently can receive them?
* Re: [Openswan Users] Invalid argument NULL
From: Herbert Xu @ 2004-08-17 1:17 UTC
To: David S. Miller; +Cc: users, kuznet, netdev, dev
On Mon, Aug 16, 2004 at 06:03:50PM -0700, David S. Miller wrote:
> On Tue, 17 Aug 2004 10:41:41 +1000
> Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
> > So maybe we should keep the numbers?
>
> If we take out the names, won't this break xfrm_user apps
> that currently can receive them?
I mean that we should keep the numbers internally. So xfrm_user.c
will translate the names given by existing applications into numbers
as the patch that you've just applied does.
We can then create a new NETLINK payload type that uses numbers if
we wish.
Cheers,
* Re: [Openswan Users] Invalid argument NULL
From: David S. Miller @ 2004-08-17 1:17 UTC
To: Herbert Xu; +Cc: jiva, users, dev, kuznet, netdev
On Tue, 17 Aug 2004 11:17:17 +1000
Herbert Xu <herbert@gondor.apana.org.au> wrote:
> I mean that we should keep the numbers internally. So xfrm_user.c
> will translate the names given by existing applications into numbers
> as the patch that you've just applied does.
Ok, that works.
> We can then create a new NETLINK payload type that uses numbers if
> we wish.
I think that will just be bloat.
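Added example (not part of the thread or of the kernel source): a user-space C model of the name-to-number translation discussed above, with the name field checked for length and termination before the lookup, followed by a template-style bitmask test on the resulting number. The table contents, struct user_alg and all function names are assumptions made for illustration; the ids follow PF_KEY numbering.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define ALG_NAME_MAX 64

/* Constructed table for illustration; ids follow PF_KEY (RFC 2367) numbering. */
struct alg_desc { const char *name; uint8_t id; };
static const struct alg_desc ealg_table[] = {
    { "cipher_null", 11 }, { "des", 2 }, { "des3_ede", 3 }, { "aes", 12 },
};

/* Hypothetical stand-in for a user-supplied algorithm attribute. */
struct user_alg { char alg_name[ALG_NAME_MAX]; };

/* Translate a name to its id; reject short or unterminated input first. */
static int ealg_id_by_name(const struct user_alg *ualg, size_t attr_len,
                           uint8_t *id_out)
{
    size_t i;

    if (attr_len < sizeof(*ualg) ||
        memchr(ualg->alg_name, '\0', ALG_NAME_MAX) == NULL)
        return -EINVAL;
    for (i = 0; i < sizeof(ealg_table) / sizeof(ealg_table[0]); i++) {
        if (strcmp(ualg->alg_name, ealg_table[i].name) == 0) {
            *id_out = ealg_table[i].id;
            return 0;
        }
    }
    return -ENOSYS;
}

/* A set of permitted ids is a single bitmask, so membership is one AND. */
static int tmpl_allows(uint32_t ealgos_mask, uint8_t id)
{
    return id < 32 && ((ealgos_mask >> id) & 1u);
}

/* Returns 1 if the named algorithm is in the mask, 0 if not, -errno on error. */
static int match_named_alg(const char *bytes, size_t n, uint32_t mask)
{
    struct user_alg ualg;
    uint8_t id = 0;
    int err;

    memset(&ualg, 'A', sizeof(ualg)); /* filler: no accidental terminator */
    memcpy(ualg.alg_name, bytes, n < ALG_NAME_MAX ? n : ALG_NAME_MAX);
    err = ealg_id_by_name(&ualg, sizeof(ualg), &id);
    return err ? err : tmpl_allows(mask, id);
}

int main(void) { return match_named_alg("cipher_null", 12, 1u << 11) == 1 ? 0 : 1; }
```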