On Fri, 15 Aug 2003, James Morris wrote: > > a two-byte CPI is sent in the IPComp header. Thus, when an IP packet > > with IPComp is received, the two-byte CPI is expanded to four bytes and > > used to index into the SAD. However, since the original SPI that was > > installed into the SAD was 4 bytes, the kernel does not find a match for > > the CPI, and thus drops the packet. > > This should be working ok, as two bytes of the internal SPI will simply be > zero. I've just verified that ipcomp is working in 2.6.0-test3. Ahh, now I know what you might be seeing: IKE needs to specify the range of the SPI. Both pfkey and the native xfrm interfaces support this. - James -- James Morris <jmorris@intercode.com.au> - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
