Subject: Re: backward compat in ipsec policy engine
To: Jun-ichiro itojun Hagino <>
From: Erik Bertelsen <>
List: tech-net
Date: 01/28/2000 16:24:41
On Fri, Jan 28, 2000 at 05:52:00AM +0900, Jun-ichiro itojun Hagino wrote:
> 	I'm now trying to upgrade KAME IPsec portion to more recent one.
> 	Since KAME tree changed kernel IPsec policy engine, there's binary
> 	compatibility issue with old binary and new binary.
> 	the most important change is in sys/netkey/keyv2.h.  the attached
> 	part declares PF_KEY message type.
> 	the problem is that, now binary compiled with old header is not usable
> 	on new kernel.  due to semantics change, it is not trivial to emulate
> 	old calls in new kernel.  for safety reasons, we may want to

Well, NetBSD has yet to see a release with IPsec -- so we're only talking
about compatibility with -currents of different dates. Therefore it may
be excusable to break binary compatibility in this case.

This is just a thought, but not a firm recommendation :-)

- Erik