[XFRM]: Probe selected algorithm only - 2.6.11-rc3 IPSEC problem
From: Andy
Date: Sat Feb 05 2005 - 01:14:57 EST
Using 2.6.11-rc3 with Openswan, no IPSEC SA can be established. Kernel
logs "kernel: ESP: md5 digestsize 16 != 0" and netlink returns an error.
The changes to XFRM in 2.6.11-rc3 have an error in xfrm_algo.c such that
xfrm_aalg_get_byname() always returns digest_null (which would indeed
have a zero length digest...)
The problem is here:
$ diff -Naur net/xfrm/xfrm_algo.c*
--- net/xfrm/xfrm_algo.c 2005-02-04 18:05:53.000000000 -0500
+++ net/xfrm/xfrm_algo.c~ 2005-02-04 08:08:16.000000000 -0500
@@ -357,7 +357,7 @@
return NULL;
for (i = 0; i < entries; i++) {
- if (strcmp(name, list[i].name) != 0)
+ if (!strcmp(name, list[i].name))
continue;
if (list[i].available)
where the sense of (!strcmp()) is reversed. It's easier to read by
explicitly comparing to zero, IMHO, as I did in this patch.
--
Andy <andy@xxxxxxxxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/