tech-net archive


Re: Time to retire some ancient network pseudo-interfaces?



On 27/10/2018 at 11:06, Martin Husemann wrote:
> On Sat, Oct 27, 2018 at 08:54:51AM +0200, Maxime Villard wrote:
>> Maybe we should do better filtering when adding stuff. For example, SCTP
>> should not have been added, there is an enormous work to do to make it
>> ~reasonable, and it doesn't look like anyone has any intention to do that
>> any time soon.
>>
>> So it's here, with its thousands of lines of code, it consumes APIs and
>> makes stuff harder to change; but it will never be enabled.
>
> Maxime, it is very good that you are enthusiastic, but your "it needs
> to be perfect" attitude and the way you shoot around and hurt people
> does IMHO actively discourage people from improving NetBSD.
>
> Please use technical criticisms if you have any, but avoid these broad
> "everything is shit" mails. Everyone will read an implied "unless I did it"
> and dismiss your (probably valid) point (that you did not even make).

I didn't even give technical criticism because it's exactly the same thing
as racoon. Except that this is kernel code - that is thankfully disabled by
default.

So watch the packet entry point, sctp_input(), full of dead stuff already,
there is even a printf (really?), half of what is being done is wrong like
changing 'iphlen', the IPsec stuff is not implemented correctly, and so on.

Then the code in general, which is uselessly big and messy (see the number
of arguments given to each function for example), that probably makes wrong
use of the mbuf API (like M_PROTO1), is invasive, and doesn't look far from
collapsing completely. As a side note, I am also personally aware of a
buffer overflow deep in the SCTP packet handling.

Not to mention that the commit message for all of that code did not even
say where the code was coming from.

I'm not saying that we should remove SCTP, but rather that it probably
shouldn't have been imported in the first place. In its current state it
is obvious we won't enable it anytime soon, and it doesn't look like
anyone is working on improving that state.

The interest of SCTP is also highly questionable, given that it has a very
limited use. There is no demand for that, and Windows/MacOS don't implement
it.

But if you ask me, worst of all, it looks like if I'm not here to question
stuff, no one else will. So yes, here come my mails about ipf, racoon, natm,
ndis, etc, sctp, all written the same way, because it's always the same
problem. It is better to question now, rather than letting things spiral
down into problems we have no idea how to fix correctly.

That SCTP, too, is in a bad state, is not an insult to whoever imported
it, it's just a fact, and a problem. Perhaps we wouldn't be having this
kind of problem if we did more filtering on what we decide to import. But
maybe someone can contradict me?

