Date:      Sat, 19 Feb 2011 08:34:12 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        VANHULLEBUS Yvan <vanhu@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r218794 - in head: . sys/netipsec
Message-ID:  <20110219073412.GC2016@garage.freebsd.pl>
In-Reply-To: <201102180940.p1I9eD29050530@svn.freebsd.org>
References:  <201102180940.p1I9eD29050530@svn.freebsd.org>

On Fri, Feb 18, 2011 at 09:40:13AM +0000, VANHULLEBUS Yvan wrote:
> Author: vanhu
> Date: Fri Feb 18 09:40:13 2011
> New Revision: 218794
> URL: http://svn.freebsd.org/changeset/base/218794
>
> Log:
>   Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant.
>   This will break interoperability with all older versions of
>   FreeBSD for those algorithms.
>
>   Reviewed by:	bz, gnn
>   Obtained from:	NETASQ
>   MFC after:	1w

First of all, I can't see such a change being merged to stable, where
going from 8.2 to 8.3 will break IPsec tunnels.
Second of all, I really think that an UPDATING entry is not enough.
We should at least provide a sysctl to change it back, and if we can detect
this based on packet size, it would be best to log a warning that the
other side is using the old implementation and it (the other side) should be
either upgraded or this sysctl should be changed locally to enable the old
behaviour. I'm happy to remove such a sysctl after one full major release,
so we won't support tunnels between FreeBSD 8 and FreeBSD 10, but we
should IMHO definitely support tunnels between both 8-9 and 9-10.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
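
Added example (not part of the original message and not FreeBSD source code): a sketch of the packet-size detection suggested above, for ESP. It assumes the pre-change code truncated every HMAC-SHA2 ICV to 96 bits while RFC 4868 uses half of the digest; the function, enum and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define ESP_HDR_LEN 8    /* SPI + sequence number */
#define LEGACY_ICV  12   /* assumption: old code truncated every HMAC to 96 bits */

/* Hypothetical result codes, not FreeBSD identifiers. */
enum icv_guess { ICV_INVALID, ICV_RFC4868, ICV_LEGACY, ICV_AMBIGUOUS };

/* RFC 4868 ICV length in bytes: half of the digest (0 = not a SHA-2 HMAC). */
static size_t rfc4868_icv_len(unsigned digest_bits)
{
    return digest_bits == 256 ? 16 : digest_bits == 384 ? 24 :
        digest_bits == 512 ? 32 : 0;
}

/* Is esp_len consistent with this ICV size? The ciphertext must be a
 * non-empty multiple of align (cipher block size, at least 4 for ESP). */
static int fits(size_t esp_len, size_t iv_len, size_t align, size_t icv)
{
    size_t fixed = ESP_HDR_LEN + iv_len + icv;

    if (align == 0 || esp_len <= fixed)
        return 0;
    return (esp_len - fixed) % align == 0;
}

/* Guess which truncation the peer used from the ESP length alone. */
enum icv_guess guess_peer_icv(size_t esp_len, size_t iv_len, size_t align,
    unsigned digest_bits)
{
    size_t icv = rfc4868_icv_len(digest_bits);
    int new_ok, old_ok;

    if (icv == 0)
        return ICV_INVALID;
    new_ok = fits(esp_len, iv_len, align, icv);
    old_ok = fits(esp_len, iv_len, align, LEGACY_ICV);
    if (new_ok && old_ok)
        return ICV_AMBIGUOUS;   /* align 4: ICV sizes differ by a multiple of 4 */
    return new_ok ? ICV_RFC4868 : old_ok ? ICV_LEGACY : ICV_INVALID;
}

int main(void)
{
    /* Constructed lengths: AES-CBC (IV 16, block 16), 32 bytes of ciphertext. */
    printf("%d %d\n", guess_peer_icv(72, 16, 16, 256),
        guess_peer_icv(68, 16, 16, 256));
    return 0;
}
```

A length match is only a hint for emitting the warning; the ICV still has to be verified at whichever length local policy allows.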



