Date: Sat, 19 Feb 2011 08:34:12 +0100
From: Pawel Jakub Dawidek
To: VANHULLEBUS Yvan
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r218794 - in head: . sys/netipsec

On Fri, Feb 18, 2011 at 09:40:13AM +0000, VANHULLEBUS Yvan wrote:
> Author: vanhu
> Date: Fri Feb 18 09:40:13 2011
> New Revision: 218794
> URL: http://svn.freebsd.org/changeset/base/218794
>
> Log:
>   Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant.
>   This will break interoperability with all older versions of
>   FreeBSD for those algorithms.
>
>   Reviewed by: bz, gnn
>   Obtained from: NETASQ
>   MFC after: 1w

First of all, I can't see such a change being merged to stable, where
going from 8.2 to 8.3 will break IPsec tunnels.

Second of all, I really think that an UPDATING entry is not enough. We
should at least provide a sysctl to change it back and if we can detect
this based on packet size, it would be best to log a warning that the
other side is using the old implementation and it (the other side) should
be either upgraded or this sysctl should be changed locally to enable
the old behaviour.

I'm happy to remove such a sysctl after one full major release, so we
won't support tunnels between FreeBSD 8 and FreeBSD 10, but we should
IMHO definitely support tunnels between both 8-9 and 9-10.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!