The following commits to HEAD head were to prevent issues with using GRE and ENC devices. The former was set for an MFC by the author but never happened. The latter was recommended to me by the author to get a working firewall when running 10.0-RELEASE. If possible, can these be MFCd to 10 STABLE for the 10.3-RELEASE? https://svnweb.freebsd.org/base?view=revision&revision=272695 https://svnweb.freebsd.org/base?view=revision&revision=288529 Thanks in advance.
r288529 was merged as noted directly after 1 week. https://svnweb.freebsd.org/base?view=revision&revision=289169 The second revision requires merging of new if_enc(4) from head/, because Marco Zec noticed that this commit could introduce the problem with VIMAGE. I think it should be fixed in new if_enc(4).
Ahh. I see the MFC now. Thanks for checking and sorry to bother you with that. Is the new if_enc you refer to already in 10 STABLE?
(In reply to mgrooms from comment #2) > Ahh. I see the MFC now. Thanks for checking and sorry to bother you with > that. Is the new if_enc you refer to already in 10 STABLE? No. It isn't in stable. FreeBSD head/ is so far away from stable branch in changes of network stack, there are a lot of changes in ipsec code and I haven't any stable/10 machines to test these changes to be able merge them. Also we are in code freeze now in preparation to 10.3 release.
Thanks for the clarification regarding enc. I'm not trying to make more work for developers, I'm just trying to prevent other users from experiencing the same problems I have. Here is some background: While upgrading a pair of firewalls to 10, I went through a week of crashes and scrambling to apply kernel patches from head ... https://lists.freebsd.org/pipermail/freebsd-net/2014-October/040170.html Before upgrading to 10.2-RELEASE, I went through all patches I had previously applied to see if they had been MFCd. Regardless, when I upgraded I still went through two days of crashes and applying kernel patches from head ... https://groups.google.com/forum/#!topic/mailing.freebsd.stable/8ZYiHDkarhU The other patch that fixed my 10.2 problem was MFCd with RE approval two days ago ... https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206933 The only other patches that looked like they may not have MFCd were the two mentioned in this bugzilla ticket. After all the adventures I've had upgrading 10.x firewalls, I felt I would be remiss if I didn't follow up with a request. I appreciate all the work you and other developers do on FreeBSD. IMO, it's the best alternative to proprietary firewall systems that support stateful fail-over.
Not enough information is probably not the best resolution for this, given it was the original reporter who closed it, and that the committers of the two revisions in question have not provided feedback, even though they are on CC. @Everyone, if this issue could/shouldneeds to be re-opened, please do so.
I apologize if I picked the wrong resolution. Hopefully it wasn't perceived as negative. The first of the two patches had already been committed and I didn't want the bug report to sit unresolved indefinitely. I went ahead and closed it using the resolution that seemed the most appropriate as there didn't seem to be enough info available to determine if the other patch was appropriate or required for the 10.3-RELEASE.