On Fri, 26 Sep 2014, D. Hugh Redelmeier wrote:
For the record, Tuomo reported in IRC that IPComp is broken.
Just to close this off, this was fixed with:
commit cf923bd729b34e529ac591a76baa716a98a0cb96
Author: Paul Wouters <pwout...@redhat.com>
Date: Fri Sep 26 18:57:42 2014 -0400
* NETKEY: don't trust PF_KEY API to tell us about IPCOMP support
pfkey_register_response() does not register an entry for
msg->sadb_msg_satype=10 to indicate IPCOMP, so we override
detection. Seems the PF_KEY API in Linux with NETKEY/XFRM
is not worh using at all. (previous lies discovered are for
algorithms supported and not announced as well as algorithms
claimed supported for which we called rmmod/rm)
We have two klips and two netkey compress tests which are passing.
Paul
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
