IPComp Tunnel Mode Patch
Sam Leffler
sam at errno.com
Mon May 3 10:00:14 PDT 2004
On Monday 03 May 2004 08:50 am, Karim Fodil-Lemelin wrote:
> Hi,
>
> Here is the patch for getting IPComp to work in tunnel mode. This
> patch is incomplete but It is working enough (for me) to be usefull.
> Here is some notes I made about it:
>
> IPComp works now in tunnel mode with ipv4 only (I wanna fix the m_pulldown
> issue before IPv6 support).
>
> In ipcomp_input.c check before and after m_pulldown, somehting is not right
> (change #if 0 to #if 1 to convice you) since I get a total len (sums of
> m_len from the chain) != m_pkthdr.len. The kludge does it for now but
> should be looked into.
>
> Tested with ESP over IPcomp and IPcomp alone in tunnel mode (needs more
> testing).
>
> Did not try with FAST_IPSEC yet.
FAST_IPSEC uses the crypto subsystem for ipcomp and that code has an issue
with the kernel zlib code. It's been a long time since I looked at the issue
but beware that any problems you hit are likely to be over in the crypto
stuff and not the protocol support.
If anyone is interested in working on this it'd also be good to bring over the
openbsd hifn changes to support h/w ipcomp.
Sam
More information about the freebsd-net
mailing list