Subject: Re: backward compat in ipsec policy engine
To: Jun-ichiro itojun Hagino <firstname.lastname@example.org>
From: Erik Bertelsen <email@example.com>
Date: 01/28/2000 16:24:41
On Fri, Jan 28, 2000 at 05:52:00AM +0900, Jun-ichiro itojun Hagino wrote:
> I'm now trying to upgrade KAME IPsec portion to more recent one.
> Since KAME tree changed kernel IPsec policy engine, there's binary
> compatibility issue with old binary and new binary.
> the most important change is in sys/netkey/keyv2.h. the attached
> part declares PF_KEY message type.
> the problem is that, now binary compiled with old header is not usable
> on new kernel. due to semantics change, it is not trivial to emulate
> old calls in new kernel. for safety reasons, we may want to
Well, NetBSD has yet to see a release with IPsec -- so we're only talking
about compatibility with -currents of different dates. Therefore it may
be excusable to break binary compatibility in this case.
This is just a thought, but not a firm recommendation :-)