FreeBSD NAT-T patch integration

mgrooms mgrooms at shrew.net
Thu Jun 26 18:49:39 UTC 2008


> On Wed, Jun 25, 2008 at 04:30:36PM -0400, Scott Ullrich wrote:
>> On Wed, Jun 25, 2008 at 4:24 PM, Julian Elischer <julian at elischer.org> wrote:
>> > do you have the ability to test this?
>>
>> Absolutely.   Is this the only thing from preventing it being merged into HEAD?
> 
> No.  It's a large and complex patch in a subsystem (ipsec) that must not
> be broken.  We're a bit shorthanded in this area, but people have been
> working on this for quite some time and IIRC aren't fully comfortable
> with the patch yet.

Every time the question of integrating the NAT-T patches is brought up, a
post like this is usually where this thread dies. Forgive me for my
persistence :)

From this thread and previous threads, it's known that FreeBSD + NAT-T is
being used in several production environments without issue. I use it
myself to perform compatibility testing and have never encountered a
problem with later versions of the patch. Not being a FreeBSD kernel
developer, I can't comment on the correctness of the patch, only that it
works well for me. So very respectfully, what needs to happen for this
patch to be committed?

FreeBSD is a great operating system with a great developer community. If
the patch has been fully reviewed and problems have been found, what are
they? If there is enough demand for this patch to be integrated, maybe
other kernel developers would lend a hand in resolving the issues if they
were made public. Both of the threads I started on this list were answered
by developers willing to pitch in. If the patch hasn't been fully reviewed
and it's a lack of man hours required, again, maybe someone can lend a
helping hand in this regard as well. Perhaps a full review with the intent
to commit is happening right now but it's just not public knowledge. A reply
to this effect would silence annoying people like myself :)

I'm not suggesting it should be MFCd tomorrow. A kernel source commit log
occasionally suggests that a patch is being integrated so that it can
receive more testing by the public at large. Maybe committing it to head is
the best action to take? It's a compile time option for IPsec and another
compile time option for NAT-T. Are we really talking about that much of a
risk?

I'm not trying to start a flame war here, but the patch has been floating
around since before the 5.x days. There just seems to be a dark cloud
hanging over it and I, and no doubt many others, really don't know why.
Please help us understand these reasons and what can be done to help.

Thanks,

-Matthew


