On Wed, Dec 24, 2008 at 11:33:55AM -0700, Jason Gunthorpe wrote:

BTW, Herbert, if this is the way to go can you fix StrongSwan?

No I can't since I'm not a Strongswan developer :)

I've cced the people who can though.

Mapping AUTH_HMAC_SHA2_256_128 to 'sha256' in
src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c is not
correct based on this discussion. It needs to be 'hmac(sha256)' and
use this XFRMA_AUTH2 idea. Similarly for all the SHA-2 family of
functions I guess.

Strongswan needs to drop SHA2-256-128 for now since we don't support
it currently.  Once we have XFRMA_AUTH2 it can be restored of course.

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt