Hello. In file kernel_netlink_ipsec.c you use the construct:
hdr->nlmsg_len += rthdr->rta_len; It works ok, when key data is aligned to 4 (this is the normal case). But if some payload data (for example, a key) is not multiple of 4 - there will be a mismatch between nlmsg_len and the actual size of the xfrm message. Because XFRM_RTA_NEXT performs alignment, but RTA_LENGTH does not. We made workaround for our needs by changing to: hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); If this patch is ok and it does not break anything else - please, apply it to your code. Best regards, Vladimir
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
