When racoon sends the SADB_UPDATE message to the kernel
for an IPComp SA, it includes a struct sadb_key with a
key length of 0. The Linux kernel rejects this update
as invalid due to a key-length of 0. For IPComp, the
kernel expects to get an update message without a
struct sadb_key included. The attached patch does
exactly that by modifying the libipsec pfkey_send_x1
function. It ensures that when the SA type is IPComp,
the update message does not include a struct sadb_key.
If there are any questions regarding this patch, please
5775 Morehouse Dr.
San Diego, CA 92121