Merging Non-Back-Compatible setkey(8)
Crist J. Clark
crist.clark at attbi.com
Wed May 28 14:48:27 PDT 2003
I sent a PR into the KAME guys a few weeks back about an issue with
setkey(8). The issue is that setkey(8) refers to the NULL encryption
algorithm by the rather misleading name, 'simple.' I'd hoped they'd
patch it in a back-compatible way, so that 'simple' still would work,
but they've just swapped 'simple' for 'null' in the code.
So now I'm trying to decide what to do, stay close to the vendor and
merge their change, add a hack that accepts both, or leave it for
someone else to worry about when they next sync stuff with KAME.
My personal lean is that 'simple,' now known as 'null,' should only
really be used as a debugging tool so we wouldn't be breaking many, if
any at all, existing installations. I should go ahead and merge it
into -CURRENT and -STABLE (honoring any code freezes of course)
as-is.
So, my reason for writing is, is anyone aware of wide-spread use of
the NULL encryption algorithm in confguration file that will get
broken by such a change?
--
Crist J. Clark | cjclark at alum.mit.edu
| cjclark at jhu.edu
http://people.freebsd.org/~cjc/ | cjc at freebsd.org
More information about the freebsd-net
mailing list