Installing an IPsec SA using old algorithm names (.compat) does not work
if the algorithm is not already loaded. When not using the PF_KEY
interface, algorithms are not preloaded in xfrm_probe_algs() and
installing a IPsec SA fails.
Signed-off-by: Martin Willi <[email protected]>
--- a/net/xfrm/xfrm_algo.c 2006-12-22 16:43:31.000000000 +0100
+++ b/net/xfrm/xfrm_algo.c 2006-12-22 16:58:19.000000000 +0100
@@ -399,7 +399,8 @@ static struct xfrm_algo_desc *xfrm_get_b
if (!probe)
break;
- status = crypto_has_alg(name, type, mask |
CRYPTO_ALG_ASYNC);
+ status = crypto_has_alg(list[i].name, type,
+ mask | CRYPTO_ALG_ASYNC);
if (!status)
break;
On Fri, Dec 22, 2006 at 05:26:43PM +0100, Martin Willi wrote:
> Installing an IPsec SA using old algorithm names (.compat) does not work
> if the algorithm is not already loaded. When not using the PF_KEY
> interface, algorithms are not preloaded in xfrm_probe_algs() and
> installing a IPsec SA fails.
Good catch. Thanks Martin!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
From: Herbert Xu <[email protected]>
Date: Sat, 23 Dec 2006 08:04:46 +1100
> On Fri, Dec 22, 2006 at 05:26:43PM +0100, Martin Willi wrote:
> > Installing an IPsec SA using old algorithm names (.compat) does not work
> > if the algorithm is not already loaded. When not using the PF_KEY
> > interface, algorithms are not preloaded in xfrm_probe_algs() and
> > installing a IPsec SA fails.
>
> Good catch. Thanks Martin!
Applied.
Martin, please be careful with future patch submissions, your
email client corrupted up the patch by adding newlines and
changing tab characters into spaces, so I had to add the patch
by hand.
Herbert, this fix is only needed for 2.6.20 correct? I assume
it was added by the 2.6.20 crypto layer merge, right?
Thanks.
On Thu, Dec 28, 2006 at 09:28:51PM -0800, David Miller wrote:
>
> Herbert, this fix is only needed for 2.6.20 correct? I assume
> it was added by the 2.6.20 crypto layer merge, right?
Yes that's correct.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt