Page MenuHomeFreeBSD
Differential D40300

setkey(8): NAT-T manual configuration support
ClosedPublic
Actions

Authored by kib on May 27 2023, 6:10 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Apr 29, 9:57 PM
Unknown Object (File)
Mon, Apr 29, 9:57 PM
Unknown Object (File)
Mon, Apr 29, 9:48 PM
Unknown Object (File)
Mon, Apr 29, 9:48 PM
Unknown Object (File)
Sun, Apr 28, 9:16 PM
Unknown Object (File)
Fri, Apr 26, 12:40 AM
Unknown Object (File)
Sun, Apr 7, 9:29 AM
Unknown Object (File)
Sat, Apr 6, 12:54 PM
View All 34 Files
Subscribers
imp

Details

Reviewers
ae
bz
Commits
rGcf85818e05a9: setkey(8): document NAT-T and NAT-T MTU extensions syntax
rG2fa1b8617fdf: setkey(8): NAT-T manual configuration support
rG2c1296a3c547: setkey(8): extract prefixlen calculation info helper

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.May 27 2023, 6:10 AM
Herald added a subscriber: imp. · View Herald TranscriptMay 27 2023, 6:10 AM
kib requested review of this revision.May 27 2023, 6:10 AM
bz added a comment.May 27 2023, 9:26 PM

Can you please add details (a proposed commit message) as that might shed light onto why you may think this is needed/useful?

sbin/setkey/parse.y
794

Please also hide IPv4. Way more important to be able to phase it out than hiding IPv6 these days ;-) I know the code doesn't always do it but when we move it we could clean that up.

1147

Those probably should be resolved or removed?

sbin/setkey/setkey.8
32 ↗(On Diff #122510)

.Dd update before commit

kib marked 3 inline comments as done.May 27 2023, 9:45 PM
In D40300#917678, @bz wrote:

Can you please add details (a proposed commit message) as that might shed light onto why you may think this is needed/useful?

This is needed to properly test IPSEC+NAT-T hardware offload. (I do not think that mentioning this in commit message is too useful).

kib updated this revision to Diff 122523.May 27 2023, 9:45 PM

Handle bz' comments.

bz added a comment.May 27 2023, 9:50 PM
In D40300#917683, @kib wrote:
In D40300#917678, @bz wrote:

Can you please add details (a proposed commit message) as that might shed light onto why you may think this is needed/useful?

This is needed to properly test IPSEC+NAT-T hardware offload. (I do not think that mentioning this in commit message is too useful).

I think the reason WHY a change is done is super useful in a commit message. And thanks for explaining as "testing" was literally the only thing I could think off why this change could be needed. I'll try and see if I can do a more thorough review if noone else beats me to it.

In general I am fine adding the functionality.

ae accepted this revision.May 29 2023, 7:19 AM

LGTM. Do you plan to implement NAT_T_FRAG in kernel somehow?

This revision is now accepted and ready to land.May 29 2023, 7:19 AM
kib added a comment.May 29 2023, 8:09 AM
In D40300#917875, @ae wrote:

LGTM. Do you plan to implement NAT_T_FRAG in kernel somehow?

Somehow, might be. So far it was a possibility that we need this for our offload work, so I implemented it in advance.

Closed by commit rG2c1296a3c547: setkey(8): extract prefixlen calculation info helper (authored by kib). · Explain WhyMay 29 2023, 10:10 PM
This revision was automatically updated to reflect the committed changes.
kib added a commit: rG2c1296a3c547: setkey(8): extract prefixlen calculation info helper.
kib added a commit: rG2fa1b8617fdf: setkey(8): NAT-T manual configuration support.
kib added a commit: rGcf85818e05a9: setkey(8): document NAT-T and NAT-T MTU extensions syntax.

Revision Contents
Changeset List

PathSize
sbin/
setkey/
56 lines

Diff 122577

View Options

sbin/setkey/parse.y

Loading...