From owner-freebsd-net@FreeBSD.ORG Thu Jun 26 19:56:26 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9F85A106566C for ; Thu, 26 Jun 2008 19:56:26 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outL.internet-mail-service.net (outl.internet-mail-service.net [216.240.47.235]) by mx1.freebsd.org (Postfix) with ESMTP id 7E28B8FC25 for ; Thu, 26 Jun 2008 19:56:26 +0000 (UTC) (envelope-from julian@elischer.org) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 4E8FA247C; Thu, 26 Jun 2008 12:56:26 -0700 (PDT) Received: from julian-mac.elischer.org (localhost [127.0.0.1]) by idiom.com (Postfix) with ESMTP id 298332D6014; Thu, 26 Jun 2008 12:56:26 -0700 (PDT) Message-ID: <4863F479.8010206@elischer.org> Date: Thu, 26 Jun 2008 12:56:41 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421) MIME-Version: 1.0 To: mgrooms@shrew.net References: <48ca67dd60c19f94b4f21bbe88854da7@localhost> <86c7b60b19e63e9188701611ac0f6f17@localhost> In-Reply-To: <86c7b60b19e63e9188701611ac0f6f17@localhost> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, brooks@freebsd.org Subject: Re: FreeBSD NAT-T patch integration X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jun 2008 19:56:26 -0000 mgrooms wrote: >> On Wed, Jun 25, 2008 at 04:30:36PM -0400, Scott Ullrich wrote: >>> On Wed, Jun 25, 2008 at 4:24 PM, Julian Elischer >> wr= >> ote: >>>> do you have the ability to test this? >>> =20 >>> Absolutely. Is this the only thing from preventing it being merged >> into= >> HEAD? >> >> No. It's a large and complex patch an a subsystem (ipsec) that must not >> be broken. We're a bit shorthanded in this area, but people have been >> working on this for quite some time and IIRC aren't fully comfortable >> with the patch yet. > > Every time the question of integrating the NAT-T patches is brought up, a > post list this is usually where this thread dies. Forgive me for my > persistence :) > >>From this thread and previous threads, its known that FreeBSD + NAT-T is > being used in several production environments without issue. I use it > myself to perform compatibility testing and have never encountered a > problem with later versions of the patch. Not being a FreeBSD kernel > developer, I can't comment on the correctness of the patch, only that it > works well for me. So very respectfully, what needs to happen for this > patch to be committed? > > FreeBSD is a great operating system with a great developer community. If > the patch has been fully reviewed and problems have been found, what are > they? If there is enough demand for this patch to be integrated, maybe > other kernel developers would lend a hand in resolving the issues if they > were made public. Both of the threads I started on this list were answered > by developers willing to pitch in. If the patch hasn't been fully reviewed > and its a lack of man hours required, again, maybe someone can lend a > helping hand in this regard as well. Perhaps a full review with the intent > to commit is happening right now but its just not public knowledge. A reply > to this effect would silence annoying people like myself :) > > I'm not suggesting it should be MFCd tomorrow. A kernel source commit log > occasionally suggests that a patch is being integrated so that it can > receive more testing by the public at large. Maybe committing it to head is > the best action to take? Its a compile time option for IPsec and another > compile time option for NAT-T. Are we really talking about that much of a > risk? > > I'm not trying to start a flame war here, but the patch has been floating > around since before the 5.x days. There just seems to be a dark cloud > hanging over it and I, and no doubt many others, really don't know why. > Please help us understand these reasons and what can be done to help. I'm planning on committing it unless someone can provide a reason not to, as I've seen it working, needed it, and have not seen any bad byproducts. > > Thanks, > > -Matthew > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"