svn commit: r218794 - in head: . sys/netipsec

Doug Barton dougb at
Mon Feb 21 19:14:14 UTC 2011

On 02/21/2011 03:01, VANHULLEBUS Yvan wrote:
> On Mon, Feb 21, 2011 at 10:21:43AM +0100, Pawel Jakub Dawidek wrote:
>> >  On Mon, Feb 21, 2011 at 09:40:25AM +0100, VANHULLEBUS Yvan wrote:
> [RFC4868 and MFC]
>> >  You can't talk to two such peers with sysctl or without anyway. I assume
>> >  that if someone already has tunnels configured and they work, they work,
>> >  because the other end uses 96 bits hashes. Once he upgrades there is no
>> >  way to get old behaviour back quickly.
>> >
>> >  You are changing on-the-wire protocol in the middle of stable branch. Am
>> >  I alone in thinking that this is bad idea?
> That's a good question.
> Of other people also think it's a bad idea, I can just forget the MFC.
> But the same problem will happen when we'll release 9.0.
> Of course, this is easier to explain, as this will be a new branch.

IMO RFC compliance trumps -stable here. Admittedly some small percentage 
of users will be inconvenienced, and that is unfortunate. However all 
users who start using this technology from here forward should get the 
full RFC compliant version.

As Bjoern pointed out, we'll see more of this, not less because oddly 
enough RFC publication (like many other external factors) do not revolve 
around our release schedules. :)




	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)

More information about the svn-src-all mailing list