From: mgrooms <mgrooms@shrew.net> (Shrew Soft Inc)
To: "George V. Neville-Neil"
Cc: freebsd-net@freebsd.org, brooks@freebsd.org, Julian Elischer
Date: Fri, 27 Jun 2008 17:32:41 -0500
Subject: Re: FreeBSD NAT-T patch integration
Message-ID: <5cf41abb4dd14f4e24213575c348c114@localhost>
List-Id: Networking and TCP/IP with FreeBSD

On Fri, 27 Jun 2008 11:06:19 -0400, "George V. Neville-Neil" wrote:
> At Thu, 26 Jun 2008 12:56:41 -0700,
> julian wrote:
>>
>> I'm planning on committing it unless someone can provide a reason not
>> to, as I've seen it working, needed it, and have not seen any bad
>> byproducts.
>>
>
> I'd be interested to know how you tested it. NAT-T and IPsec are
> non-trivial protocols/subsystems that can have far reaching impacts on
> the network stack. Also, are you planning to maintain it after
> committing it? The biggest problem with NAT-T hasn't been the code,
> it's been that the author, who is doing a great job on the code, has
> been too busy to maintain it anywhere but at work. That is not a slam
> on the person or the code, I have the highest respect for both, but it
> reflects an important reality of the situation. Unless you're
> stepping up to maintain it as well as commit it I think it should not
> be committed. I know Bjoern has been working hard to pick up the
> IPsec stuff in his free time, and I value his input on this subject
> quite a bit.
>

I have tested the patch with Cisco (PIX/ASA), Juniper (GT/SSG), Fortigate, Zywall, Linux and NetBSD to ensure interoperability. Mostly, the RFC and draft 2 versions of the protocol were exercised.

What other kinds of tests would you like to see?

Objections ...

1) NAT-T and IPsec are non-trivial protocols/subsystems

The patch hasn't been reviewed enough? The patch hasn't been tested enough? An unresolved issue has been identified?

2) It can have far reaching impacts on the network stack

The changes have not been sufficiently protected by the supplied kernel configuration option?

3) The author has been too busy to maintain it anywhere but at work

What does this mean? Since you find his level of commitment unacceptable, what would be required for the patch to be accepted?

Thanks,
-Matthew