Merging Non-Back-Compatible setkey(8)
Crist J. Clark
crist.clark at attbi.com
Thu May 29 06:30:01 PDT 2003
On Thu, May 29, 2003 at 01:38:49PM +0900, JINMEI Tatuya / ?$B?@L at C#:H wrote:
> >>>>> On Wed, 28 May 2003 14:48:22 -0700,
> >>>>> "Crist J. Clark" <crist.clark at attbi.com> said:
>
> > I sent a PR into the KAME guys a few weeks back about an issue with
> > setkey(8). The issue is that setkey(8) refers to the NULL encryption
> > algorithm by the rather misleading name, 'simple.' I'd hoped they'd
> > patch it in a back-compatible way, so that 'simple' still would work,
> > but they've just swapped 'simple' for 'null' in the code.
>
> We (KAME) provided backward compatibility, though the fix warned when
> the old name is specified. Our latest code works as follows:
>
> # /usr/local/v6/sbin/setkey -c << E_O_F
> heredoc> add 10.0.0.1 10.0.0.2 esp 123457 -E simple;
> heredoc> E_O_F
> line 1: WARNING: encryption algorithm is obsoleted. at [simple]
>
> # /usr/local/v6/sbin/setkey -D | head -10
> 10.0.0.1 10.0.0.2
> esp mode=any spi=123457(0x0001e241) reqid=0(0x00000000)
> E: null
> seq=0x00000000 replay=0 flags=0x00000040 state=mature
> created: May 29 13:37:27 2003 current: May 29 13:37:52 2003
> diff: 25(s) hard: 0(s) soft: 0(s)
> last: hard: 0(s) soft: 0(s)
> current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
> allocated: 0 hard: 0 soft: 0
> sadb_seq=8 pid=14308 refcnt=1
Sorry, I hadn't noticed that the changes were made with a number of
separate commits when I reviewed them. Thanks for the good work.
--
Crist J. Clark | cjclark at alum.mit.edu
| cjclark at jhu.edu
http://people.freebsd.org/~cjc/ | cjc at freebsd.org
More information about the freebsd-net
mailing list