FreeBSD NAT-T patch integration

Julian Elischer julian at elischer.org
Thu Jun 26 19:56:26 UTC 2008


mgrooms wrote:
>> On Wed, Jun 25, 2008 at 04:30:36PM -0400, Scott Ullrich wrote:
>>> On Wed, Jun 25, 2008 at 4:24 PM, Julian Elischer <julian at elischer.org> wrote:
>>>> do you have the ability to test this?
>>>
>>> Absolutely.   Is this the only thing preventing it from being merged into HEAD?
>>
>> No.  It's a large and complex patch on a subsystem (ipsec) that must not
>> be broken.  We're a bit shorthanded in this area, but people have been
>> working on this for quite some time and IIRC aren't fully comfortable
>> with the patch yet.
> 
> Every time the question of integrating the NAT-T patches is brought up, a
> post like this is usually where this thread dies. Forgive me for my
> persistence :)
> 
> From this thread and previous threads, it's known that FreeBSD + NAT-T is
> being used in several production environments without issue. I use it
> myself to perform compatibility testing and have never encountered a
> problem with later versions of the patch. Not being a FreeBSD kernel
> developer, I can't comment on the correctness of the patch, only that it
> works well for me. So very respectfully, what needs to happen for this
> patch to be committed?
> 
> FreeBSD is a great operating system with a great developer community. If
> the patch has been fully reviewed and problems have been found, what are
> they? If there is enough demand for this patch to be integrated, maybe
> other kernel developers would lend a hand in resolving the issues if they
> were made public. Both of the threads I started on this list were answered
> by developers willing to pitch in. If the patch hasn't been fully reviewed
> and it's a lack of man hours required, again, maybe someone can lend a
> helping hand in this regard as well. Perhaps a full review with the intent
> to commit is happening right now but it's just not public knowledge. A reply
> to this effect would silence annoying people like myself :)
> 
> I'm not suggesting it should be MFCd tomorrow. A kernel source commit log
> occasionally suggests that a patch is being integrated so that it can
> receive more testing by the public at large. Maybe committing it to head is
> the best action to take? It's a compile time option for IPsec and another
> compile time option for NAT-T. Are we really talking about that much of a
> risk?
> 
> I'm not trying to start a flame war here, but the patch has been floating
> around since before the 5.x days. There just seems to be a dark cloud
> hanging over it and I, and no doubt many others, really don't know why.
> Please help us understand these reasons and what can be done to help.

I'm planning on committing it unless someone can provide a reason not 
to, as I've seen it working, needed it, and have not seen any bad 
byproducts.

> 
> Thanks,
> 
> -Matthew