Date: Thu, 26 Jun 2008 12:56:41 -0700 From: Julian Elischer <julian@elischer.org> To: mgrooms@shrew.net Cc: freebsd-net@freebsd.org, brooks@freebsd.org Subject: Re: FreeBSD NAT-T patch integration Message-ID: <4863F479.8010206@elischer.org> In-Reply-To: <86c7b60b19e63e9188701611ac0f6f17@localhost> References: <48ca67dd60c19f94b4f21bbe88854da7@localhost> <86c7b60b19e63e9188701611ac0f6f17@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
mgrooms wrote: >> On Wed, Jun 25, 2008 at 04:30:36PM -0400, Scott Ullrich wrote: >>> On Wed, Jun 25, 2008 at 4:24 PM, Julian Elischer <julian@elischer.org> >> wr= >> ote: >>>> do you have the ability to test this? >>> =20 >>> Absolutely. Is this the only thing from preventing it being merged >> into= >> HEAD? >> >> No. It's a large and complex patch an a subsystem (ipsec) that must not >> be broken. We're a bit shorthanded in this area, but people have been >> working on this for quite some time and IIRC aren't fully comfortable >> with the patch yet. > > Every time the question of integrating the NAT-T patches is brought up, a > post list this is usually where this thread dies. Forgive me for my > persistence :) > >>From this thread and previous threads, its known that FreeBSD + NAT-T is > being used in several production environments without issue. I use it > myself to perform compatibility testing and have never encountered a > problem with later versions of the patch. Not being a FreeBSD kernel > developer, I can't comment on the correctness of the patch, only that it > works well for me. So very respectfully, what needs to happen for this > patch to be committed? > > FreeBSD is a great operating system with a great developer community. If > the patch has been fully reviewed and problems have been found, what are > they? If there is enough demand for this patch to be integrated, maybe > other kernel developers would lend a hand in resolving the issues if they > were made public. Both of the threads I started on this list were answered > by developers willing to pitch in. If the patch hasn't been fully reviewed > and its a lack of man hours required, again, maybe someone can lend a > helping hand in this regard as well. Perhaps a full review with the intent > to commit is happening right now but its just not public knowledge. A reply > to this effect would silence annoying people like myself :) > > I'm not suggesting it should be MFCd tomorrow. A kernel source commit log > occasionally suggests that a patch is being integrated so that it can > receive more testing by the public at large. Maybe committing it to head is > the best action to take? Its a compile time option for IPsec and another > compile time option for NAT-T. Are we really talking about that much of a > risk? > > I'm not trying to start a flame war here, but the patch has been floating > around since before the 5.x days. There just seems to be a dark cloud > hanging over it and I, and no doubt many others, really don't know why. > Please help us understand these reasons and what can be done to help. I'm planning on committing it unless someone can provide a reason not to, as I've seen it working, needed it, and have not seen any bad byproducts. > > Thanks, > > -Matthew > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4863F479.8010206>