Merging Non-Back-Compatible setkey(8)
From: Crist J. Clark (crist.clark_at_attbi.com)
Date: 05/28/03
- Previous message: Barney Wolff: "Re: ipfw rules vs routes to localhost?"
- Next in thread: B: "Re: Merging Non-Back-Compatible setkey(8)"
- Reply: B: "Re: Merging Non-Back-Compatible setkey(8)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 May 2003 14:48:22 -0700 To: freebsd-net@freebsd.org
I sent a PR into the KAME guys a few weeks back about an issue with
setkey(8). The issue is that setkey(8) refers to the NULL encryption
algorithm by the rather misleading name, 'simple.' I'd hoped they'd
patch it in a back-compatible way, so that 'simple' still would work,
but they've just swapped 'simple' for 'null' in the code.
So now I'm trying to decide what to do, stay close to the vendor and
merge their change, add a hack that accepts both, or leave it for
someone else to worry about when they next sync stuff with KAME.
My personal lean is that 'simple,' now known as 'null,' should only
really be used as a debugging tool so we wouldn't be breaking many, if
any at all, existing installations. I should go ahead and merge it
into -CURRENT and -STABLE (honoring any code freezes of course)
as-is.
So, my reason for writing is, is anyone aware of wide-spread use of
the NULL encryption algorithm in confguration file that will get
broken by such a change?
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Barney Wolff: "Re: ipfw rules vs routes to localhost?"
- Next in thread: B: "Re: Merging Non-Back-Compatible setkey(8)"
- Reply: B: "Re: Merging Non-Back-Compatible setkey(8)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
