Date: Tue, 31 Aug 1999 10:13:35 +0900 From: itojun@iijlab.net To: core@freebsd.org Cc: hackers@freebsd.org Subject: KAME IPv6 and freebsd Message-ID: <14955.936062015@coconut.itojun.org>
next in thread | raw e-mail | index | archive | help
------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-ID: <14898.936061703.1@coconut.itojun.org> Content-Transfer-Encoding: 7bit I heard that, some of you, got confused by recent news about additional NetBSD-core guys (me). The above fact does not change anything about KAME-FreeBSD relationship (I can only speak for KAME side though), because: - KAME project's goal is to provide IPv6/IPsec reference code to *BSD, so we of course continue to work on KAME/FreeBSD, KAME/BSDI, and KAME/NetBSD. We are trying to support KAME/OpenBSD (so that no major BSDs are left out from our support list). - KAME project is NOT itojun's personal project. It involves 8 core KAME guys and several other people. There are 3 KAME guys (incl. me) who has committer access to FreeBSD repository. So, the fact I became one of NetBSD-core does not mean anything to KAME project. - NetBSD merged KAME stack earlier because NetBSD have more strict "feature freeze" policy than FreeBSD (if I don't import now KAME will not be inclduded in NetBSD 1.5). FreeBSD has been waiting for unified-ipv6 to experience less "jumbo import" during IPv6 merge. And then, FreeBSD-IPv6 plan. Now (as attached), unified-ipv6 effort has settled down into KAME. so it should be okay to merge KAME (= unified-ipv6) into FreeBSD-current. There may be some changes that may trouble you during the first period of merging, but I think FreeBSD and KAME guys can work those technical issues out. KAME side is, I think, quite ready to merge. KAME side needs FreeBSD-core's word like "okay, go ahead", and direction about merger of IPsec part. itojun ------- =_aaaaaaaaaa0 Content-Type: message/rfc822 Return-Path: <owner-freebsd-security@FreeBSD.ORG> Received: from hub.freebsd.org (hub.FreeBSD.ORG [204.216.27.18]) by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id RAA29814 for <itojun@itojun.org>; Mon, 23 Aug 1999 17:01:31 +0900 (JST) Received: by hub.freebsd.org (Postfix, from userid 538) id 57A1315684; Mon, 23 Aug 1999 00:53:35 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with SMTP id 3C05E1CD8AC; Mon, 23 Aug 1999 00:53:35 -0700 (PDT) (envelope-from owner-freebsd-security) Received: by hub.freebsd.org (bulk_mailer v1.12); Mon, 23 Aug 1999 00:53:35 -0700 Delivered-To: freebsd-security@freebsd.org Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97]) by hub.freebsd.org (Postfix) with ESMTP id 4210915764 for <freebsd-security@FreeBSD.ORG>; Mon, 23 Aug 1999 00:53:23 -0700 (PDT) (envelope-from itojun@itojun.org) Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1]) by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id QAA29580; Mon, 23 Aug 1999 16:53:09 +0900 (JST) To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: freebsd-security@FreeBSD.ORG In-reply-to: jkh's message of Sun, 22 Aug 1999 20:42:46 MST. <4726.935379766@localhost> X-Template-Reply-To: itojun@itojun.org X-Template-Return-Receipt-To: itojun@itojun.org X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2 Subject: IPsec/IPv6 From: itojun@iijlab.net Date: Mon, 23 Aug 1999 16:53:09 +0900 Message-ID: <29578.935394789@coconut.itojun.org> Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk X-Filter: mailagent [version 3.0 PL56] for itojun@itojun.org >> Bah, so FreeBSD will be InSecureBSD ? Well, so long as the ITAR bear >> stands around making grizzly noises at people, it seems. >I wouldn't count on that. As far as I can tell, what's holding KAME >integration up is the fact that they're not done merging with INRIA >yet. A news about NRL/INRIA/KAME merging (unified-ipv6). unified-ipv6 project has been in big trouble with manpower, design differences. Recently situations changed for all of us so here's the decision we have made. NRL decided to concentrates on IPsec (because in US not much interest in IPv6 than IPsec - people in US are lucky about IPv4 address space, it seems). INRIA will be doing future researches on top of KAME code. KAME agreed to add some knobs that helps INRIA to do their experiment. So, it is planned that KAME will have an alias: "unified-ipv6". KAME team is trying to ship KAME/OpenBSD and KAME/BSDI4 during this month or next month (September). KAME September 30th STABLE kit will officially have "unified-ipv6" alias on it. It is now okay to merge KAME code into FreeBSD, I believe. If you do not feel ready, I'll be visiting FreeBSDCon so let's talk about it there (but will cause 2 month delay from now). The biggest problem is how to keep mutiple repositories in sync. KAME (= unified-ipv6) code shares most of IPv6 code among *BSD platforms. If FreeBSD repository is modified after import, and that conflicts with content in KAME repository, we can't merge that back in. So I would like to suggest FreeBSD project to refrain from changing IPv6 part too much, for certain amount of time (*). Rather, please send diffs to KAME. >Once that happens, I'm more than happy to continue to lean on >Justice Maryln Patel's decision on crypto as free speach in the S.F. >Bay Area region. We've already talked to our lawyer, he said it >looked legit to him, and so we've been shipping crypto on our CDs for >over a year now. I even announced it back then, to almost no audience >reaction whatsoever. It seems that people like to get more excited >about the prospect of something being closed than it being opened >up. :) It now happened, so please contact Mr. Patel:-) KAME team really needs your suggestions on how to integrate crypto part. In case of NetBSD/KAME integration, we did like this: - place IPsec core part and AH part into cvs.netbsd.org (in US) - place ESP part and crypto algorithms (DES, Blowfish and whatever in cvs.fi.netbsd.org (in finland) We need some tricky symbolic link, or makefile/config hack for this separated repository (NetBSD has makefile and config hack). itojun (*) As a side note: actually, KAME and unified-ipv6 has been experiencing big trouble sharing IPv6 code among *BSD, due to FreeBSD's variable renaming like ifa_list (ifa_link on others) or time_second (why FreeBSD couldn't reuse time.tv_sec to hold this? I don't get it). I'd like propose to fix those back to more standard ones (ifa_link or time.tv_sec) for portability among *BSD. If you are okay, those changes will come with FreeBSD/KAME integration. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message ------- =_aaaaaaaaaa0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14955.936062015>