[Swan-dev] Ipcomp and get_sa_info()

[D. Hugh Redelmeier]

| From: Paul Wouters <paul at nohats.ca>

| Are we sure the code was not wrong ?

No.  I only think that I know what it did.

I changed almost no behaviour.  Only the order of displaying flow
counts for AH.

BTW, which code do you suspect?

I think that all the code that I changed was about logging or
reporting in some way.  It had no effect on actual flows.

| Some tests with ipcomp used ping which didn’t compress enough and would 
| actually go out over the non-ipcomp transform.

Isn't what you describe is kernel behaviour, not Pluto behaviour?

I don't think that the code I changed would changed what happens on the 
wire but it might affect what you can observe in Pluto logs.  And even 
then, only if I made a mistake.

| I believe our code was wrong but I also think we might need to pull 
| traffic from the regular and ipcomp state.

Not sure what you mean, but OK.

There were no flow counts reported for ipcomp.  You may want them but
they weren't there.  At least as I understood the code before my
change.

The code in get_sa_info only dealt with one SA.  ESP if present, and
if not, AH, and if not, it went home.  IPCOMP was not considered.
AH+ESP isn't handled

My *guess* is that IPCOMP could be present along with ESP or AH, but
the get_sa_info code doesn't care.