From owner-freebsd-net@FreeBSD.ORG  Mon May  3 10:00:14 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B8C5116A4CF
	for <freebsd-net@freebsd.org>; Mon,  3 May 2004 10:00:14 -0700 (PDT)
Received: from ebb.errno.com (ebb.errno.com [66.127.85.87])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 876A043D1F
	for <freebsd-net@freebsd.org>; Mon,  3 May 2004 10:00:14 -0700 (PDT)
	(envelope-from sam@errno.com)
Received: from [66.127.85.91] ([66.127.85.91])
	(authenticated bits=0)
	by ebb.errno.com (8.12.9/8.12.6) with ESMTP id i43GxmWR084143
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO);
	Mon, 3 May 2004 09:59:48 -0700 (PDT)
	(envelope-from sam@errno.com)
From: Sam Leffler <sam@errno.com>
Organization: Errno Consulting
To: freebsd-net@freebsd.org
Date: Mon, 3 May 2004 09:59:14 -0700
User-Agent: KMail/1.6.1
References: <40966A47.3040708@xiphos.ca>
In-Reply-To: <40966A47.3040708@xiphos.ca>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200405030959.14622.sam@errno.com>
cc: Marco Berizzi <pupilla@hotmail.com>
cc: chris@e-easy.com.au
Subject: Re: IPComp Tunnel Mode Patch
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 May 2004 17:00:14 -0000

On Monday 03 May 2004 08:50 am, Karim Fodil-Lemelin wrote:
> Hi,
>
>     Here is the patch for getting IPComp to work in tunnel mode. This
> patch is incomplete but It is working enough (for me) to be usefull.
> Here is some notes I made about it:
>
> IPComp works now in tunnel mode with ipv4 only (I wanna fix the m_pulldown
> issue before IPv6 support).
>
> In ipcomp_input.c check before and after m_pulldown, somehting is not right
> (change #if 0 to #if 1 to convice you) since I get a total len (sums of
> m_len from the chain) != m_pkthdr.len. The kludge does it for now but
> should be looked into.
>
> Tested with ESP over IPcomp and IPcomp alone in tunnel mode (needs more
> testing).
>
> Did not try with FAST_IPSEC yet.

FAST_IPSEC uses the crypto subsystem for ipcomp and that code has an issue 
with the kernel zlib code.  It's been a long time since I looked at the issue 
but beware that any problems you hit are likely to be over in the crypto 
stuff and not the protocol support.

If anyone is interested in working on this it'd also be good to bring over the 
openbsd hifn changes to support h/w ipcomp.

	Sam