I've been trying out IPSec on 2.5.69 (i386). setkey add has been failing complaining of "No buffer space available".
For example, this happens when I do this:
#!/usr/local/sbin/setkey -f flush; spdflush; add 192.168.2.100 192.168.2.112 ah 24500 -A hmac-md5 "1234567890123456";
If I patch net/key/af_key.c as follows, however, things work:
--- af_key.c.orig 2003-05-15 13:02:36.000000000 -0700 +++ af_key.c 2003-05-15 13:03:43.000000000 -0700 @@ -1080,7 +1080,7 @@ } }
- x->type = xfrm_get_type(proto, x->props.family); + x->type = xfrm_get_type((uint8_t)proto, x->props.family); if (x->type == NULL) goto out; if (x->type->init_state(x, NULL))
So far I have only tested ping and ping6 in transport mode with manual keying - they work fine.
Thanks for getting IPSec into the kernel,
Jonathan
- : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html