From owner-svn-src-head@freebsd.org  Tue Feb  7 13:56:07 2017
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DAB5ACD557F;
 Tue,  7 Feb 2017 13:56:07 +0000 (UTC) (envelope-from slw@zxy.spb.ru)
Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 99B5016F6;
 Tue,  7 Feb 2017 13:56:07 +0000 (UTC) (envelope-from slw@zxy.spb.ru)
Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD))
 (envelope-from <slw@zxy.spb.ru>)
 id 1cb6FS-0007Ks-N9; Tue, 07 Feb 2017 16:55:58 +0300
Date: Tue, 7 Feb 2017 16:55:58 +0300
From: Slawa Olhovchenkov <slw@zxy.spb.ru>
To: "Andrey V. Elsukov" <ae@FreeBSD.org>
Cc: Dmitry Morozovsky <marck@rinet.ru>, svn-src-head@freebsd.org,
 svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r313330 - in head: contrib/netcat lib/libipsec
 sbin/ifconfig sbin/setkey share/man/man4 sys/conf sys/modules
 sys/modules/ipsec sys/modules/tcp/tcpmd5 sys/net sys/netinet
 sys/netinet/tcp...
Message-ID: <20170207135558.GF5366@zxy.spb.ru>
References: <201702060849.v168nwmf064277@repo.freebsd.org>
 <alpine.BSF.2.00.1702061730140.94512@woozle.rinet.ru>
 <1e8b55ba-11d2-9563-be44-0e20f7f2f33d@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1e8b55ba-11d2-9563-be44-0e20f7f2f33d@FreeBSD.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: slw@zxy.spb.ru
X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2017 13:56:08 -0000

On Tue, Feb 07, 2017 at 03:53:05AM +0300, Andrey V. Elsukov wrote:

> On 06.02.2017 17:31, Dmitry Morozovsky wrote:
> >> Date: Mon Feb  6 08:49:57 2017
> >> New Revision: 313330
> >> URL: https://svnweb.freebsd.org/changeset/base/313330
> >>
> >> Log:
> >>   Merge projects/ipsec into head/.
> >
> > [snip]
> >
> > Great, thanks!
> >
> > Have you any plans to merge this into stable/11 to reduce diffs in network
> > stack code?
> 
> It depends from the further users feedback.
> I wanted to do MFC after one or two months. But there are two things 
> that are questionable. The date of stable/11 feature freeze is not 
> known. And there is also some changes that can be considered as POLA 
> violations. E.g. now SPIs are unique, and if user had manually 
> configured SAs with the same SPI, the MFC will break this.

What about IKE? I am don't know, do IKE SPI number negotiation?
Or remote side just assign implicit SPI? In last case posible race on
local system.