| To: | martin.bouzek@xxxxxxxxxxxx |
|---|---|
| Subject: | Re: Minor IPSec bug + solution |
| From: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
| Date: | Fri, 17 Sep 2004 07:19:23 +1000 |
| Cc: | linux-kernel@xxxxxxxxxxxxxxx, davem@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <1095327372.4466.87.camel@mabouzek> |
| Organization: | Core |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.26-1-686-smp (i686)) |
Martin Bouzek <martin.bouzek@xxxxxxxxxxxx> wrote: > > I was setting up an VPN via IPSec in kernel 2.6.x on IPv4 and found the > following bug. It is not possible to set up an IPComp/ESP tunnel with > IPComp set as mandatory. The following setup works fine for me: You can never set IPComp as mandatory because ipcomp_output() will not compress anything that is incompressible. > function. For tunnels it returns > > tmpl->optional && !xfrm_state_addr_cmp(tmpl, x, family); The check is correct as it is. Internal states must never match any required transform. -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [RFC] inet_opt space saving?, David S. Miller |
|---|---|
| Next by Date: | Re: [Fwd: [Bug 3397] New: Network connections hang going through an OpenBSD firewall], Tomasz Torcz |
| Previous by Thread: | Crypto tests via tcrypt.o modules failes, Zilvinas Valinskas |
| Next by Thread: | Re: Minor IPSec bug + solution, Martin Bouzek |
| Indexes: | [Date] [Thread] [Top] [All Lists] |