Subject: Re: backward compat in ipsec policy engine
To: Erik Bertelsen <firstname.lastname@example.org>
From: None <email@example.com>
Date: 01/29/2000 02:42:10
>> I'm now trying to upgrade KAME IPsec portion to more recent one.
>> Since KAME tree changed kernel IPsec policy engine, there's binary
>> compatibility issue with old binary and new binary.
>> the most important change is in sys/netkey/keyv2.h. the attached
>> part declares PF_KEY message type.
>> the problem is that, now binary compiled with old header is not usable
>> on new kernel. due to semantics change, it is not trivial to emulate
>> old calls in new kernel. for safety reasons, we may want to
>Well, NetBSD has yet to see a release with IPsec -- so we're only talking
>about compatibility with -currents of different dates.
The above is correct, this is backward-compat issue between
1.4[A-Z] and 1.4[A-Z].
>Therefore it may
>be excusable to break binary compatibility in this case.
>This is just a thought, but not a firm recommendation :-)
Hmm, I think I'll commit it as is (breaks binary compatibility),
and fix it afterwards whenever it becomes necessary. I'll bump up
shlib major for libipsec.