[Swan-dev] Tuomo reports IPComp is broken
Paul Wouters
paul at nohats.ca
Tue Sep 30 00:04:12 EEST 2014
On Fri, 26 Sep 2014, D. Hugh Redelmeier wrote:
> For the record, Tuomo reported in IRC that IPComp is broken.
Just to close this off, this was fixed with:
commit cf923bd729b34e529ac591a76baa716a98a0cb96
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 26 18:57:42 2014 -0400
* NETKEY: don't trust PF_KEY API to tell us about IPCOMP support
pfkey_register_response() does not register an entry for
msg->sadb_msg_satype=10 to indicate IPCOMP, so we override
detection. Seems the PF_KEY API in Linux with NETKEY/XFRM
is not worh using at all. (previous lies discovered are for
algorithms supported and not announced as well as algorithms
claimed supported for which we called rmmod/rm)
We have two klips and two netkey compress tests which are passing.
Paul
More information about the Swan-dev
mailing list