Date: Tue, 7 Feb 2017 16:55:58 +0300 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: "Andrey V. Elsukov" <ae@FreeBSD.org> Cc: Dmitry Morozovsky <marck@rinet.ru>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r313330 - in head: contrib/netcat lib/libipsec sbin/ifconfig sbin/setkey share/man/man4 sys/conf sys/modules sys/modules/ipsec sys/modules/tcp/tcpmd5 sys/net sys/netinet sys/netinet/tcp... Message-ID: <20170207135558.GF5366@zxy.spb.ru> In-Reply-To: <1e8b55ba-11d2-9563-be44-0e20f7f2f33d@FreeBSD.org> References: <201702060849.v168nwmf064277@repo.freebsd.org> <alpine.BSF.2.00.1702061730140.94512@woozle.rinet.ru> <1e8b55ba-11d2-9563-be44-0e20f7f2f33d@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 07, 2017 at 03:53:05AM +0300, Andrey V. Elsukov wrote: > On 06.02.2017 17:31, Dmitry Morozovsky wrote: > >> Date: Mon Feb 6 08:49:57 2017 > >> New Revision: 313330 > >> URL: https://svnweb.freebsd.org/changeset/base/313330 > >> > >> Log: > >> Merge projects/ipsec into head/. > > > > [snip] > > > > Great, thanks! > > > > Have you any plans to merge this into stable/11 to reduce diffs in network > > stack code? > > It depends from the further users feedback. > I wanted to do MFC after one or two months. But there are two things > that are questionable. The date of stable/11 feature freeze is not > known. And there is also some changes that can be considered as POLA > violations. E.g. now SPIs are unique, and if user had manually > configured SAs with the same SPI, the MFC will break this. What about IKE? I am don't know, do IKE SPI number negotiation? Or remote side just assign implicit SPI? In last case posible race on local system.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170207135558.GF5366>