In pfkey_msg2xfrm_state, the number of key bits for the encryption
algorithm (which as far as I can tell is the extension header used to
specify IPComp as well as for ESP) is checked even for IPComp. For
IPComp, racoon sets sadb_key_bits to 0 since there is no key involved.
This causes pfkey_msg2xfrm_state to return an error since
(key->sadb_key_bits + 7) / 8 == 0. However, isn't 0 the correct value
for sadb_key_bits when the algorithm is IPComp? If not, then should the
IKE daemon specify a non-zero value for sadb_key_bits when sending an
SADB_ADD message for IPComp?
Brian
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
