[Swan-dev] Tuomo reports IPComp is broken

Paul Wouters paul at nohats.ca
Tue Sep 30 00:04:12 EEST 2014


On Fri, 26 Sep 2014, D. Hugh Redelmeier wrote:

> For the record, Tuomo reported in IRC that IPComp is broken.

Just to close this off, this was fixed with:

commit cf923bd729b34e529ac591a76baa716a98a0cb96
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Sep 26 18:57:42 2014 -0400

     * NETKEY: don't trust PF_KEY API to tell us about IPCOMP support

     pfkey_register_response() does not register an entry for
      msg->sadb_msg_satype=10 to indicate IPCOMP, so we override
     detection. Seems the PF_KEY API in Linux with NETKEY/XFRM
     is not worh using at all. (previous lies discovered are for
     algorithms supported and not announced as well as algorithms
     claimed supported for which we called rmmod/rm)

We have two klips and two netkey compress tests which are passing.

Paul


More information about the Swan-dev mailing list