svn commit: r313330 - in head: contrib/netcat lib/libipsec sbin/ifconfig sbin/setkey share/man/man4 sys/conf sys/modules sys/modules/ipsec sys/modules/tcp/tcpmd5 sys/net sys/netinet sys/netinet/tcp...

Slawa Olhovchenkov slw at zxy.spb.ru
Tue Feb 7 13:56:08 UTC 2017


On Tue, Feb 07, 2017 at 03:53:05AM +0300, Andrey V. Elsukov wrote:

> On 06.02.2017 17:31, Dmitry Morozovsky wrote:
> >> Date: Mon Feb  6 08:49:57 2017
> >> New Revision: 313330
> >> URL: https://svnweb.freebsd.org/changeset/base/313330
> >>
> >> Log:
> >>   Merge projects/ipsec into head/.
> >
> > [snip]
> >
> > Great, thanks!
> >
> > Have you any plans to merge this into stable/11 to reduce diffs in network
> > stack code?
> 
> It depends from the further users feedback.
> I wanted to do MFC after one or two months. But there are two things 
> that are questionable. The date of stable/11 feature freeze is not 
> known. And there is also some changes that can be considered as POLA 
> violations. E.g. now SPIs are unique, and if user had manually 
> configured SAs with the same SPI, the MFC will break this.

What about IKE? I am don't know, do IKE SPI number negotiation?
Or remote side just assign implicit SPI? In last case posible race on
local system.


More information about the svn-src-head mailing list