From owner-freebsd-net@FreeBSD.ORG Thu May 29 06:30:01 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4ADFD37B401 for ; Thu, 29 May 2003 06:30:01 -0700 (PDT) Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 104C943FAF for ; Thu, 29 May 2003 06:30:00 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: from blossom.cjclark.org (12-234-159-107.client.attbi.com[12.234.159.107]) by attbi.com (sccrmhc02) with ESMTP id <2003052913295900200o4m85e>; Thu, 29 May 2003 13:29:59 +0000 Received: from blossom.cjclark.org (localhost. [127.0.0.1]) by blossom.cjclark.org (8.12.8p1/8.12.3) with ESMTP id h4TDTvki011782; Thu, 29 May 2003 06:29:57 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.8p1/8.12.8/Submit) id h4TDTul9011781; Thu, 29 May 2003 06:29:56 -0700 (PDT) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Thu, 29 May 2003 06:29:55 -0700 From: "Crist J. Clark" To: "JINMEI Tatuya / ?$B?@L@C#:H" Message-ID: <20030529132955.GA51170@blossom.cjclark.org> References: <20030528214822.GB3907@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-URL: http://people.freebsd.org/~cjc/ cc: freebsd-net@freebsd.org Subject: Re: Merging Non-Back-Compatible setkey(8) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: cjclark@alum.mit.edu List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 13:30:01 -0000 On Thu, May 29, 2003 at 01:38:49PM +0900, JINMEI Tatuya / ?$B?@L@C#:H wrote: > >>>>> On Wed, 28 May 2003 14:48:22 -0700, > >>>>> "Crist J. Clark" said: > > > I sent a PR into the KAME guys a few weeks back about an issue with > > setkey(8). The issue is that setkey(8) refers to the NULL encryption > > algorithm by the rather misleading name, 'simple.' I'd hoped they'd > > patch it in a back-compatible way, so that 'simple' still would work, > > but they've just swapped 'simple' for 'null' in the code. > > We (KAME) provided backward compatibility, though the fix warned when > the old name is specified. Our latest code works as follows: > > # /usr/local/v6/sbin/setkey -c << E_O_F > heredoc> add 10.0.0.1 10.0.0.2 esp 123457 -E simple; > heredoc> E_O_F > line 1: WARNING: encryption algorithm is obsoleted. at [simple] > > # /usr/local/v6/sbin/setkey -D | head -10 > 10.0.0.1 10.0.0.2 > esp mode=any spi=123457(0x0001e241) reqid=0(0x00000000) > E: null > seq=0x00000000 replay=0 flags=0x00000040 state=mature > created: May 29 13:37:27 2003 current: May 29 13:37:52 2003 > diff: 25(s) hard: 0(s) soft: 0(s) > last: hard: 0(s) soft: 0(s) > current: 0(bytes) hard: 0(bytes) soft: 0(bytes) > allocated: 0 hard: 0 soft: 0 > sadb_seq=8 pid=14308 refcnt=1 Sorry, I hadn't noticed that the changes were made with a number of separate commits when I reviewed them. Thanks for the good work. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org