svn commit: r337944 - head/sys/arm/conf
John Baldwin
jhb at FreeBSD.org
Fri Aug 17 16:01:57 UTC 2018
On 8/17/18 3:53 PM, Ian Lepore wrote:
> On Fri, 2018-08-17 at 01:04 +0000, Conrad Meyer wrote:
>> Author: cem
>> Date: Fri Aug 17 01:04:02 2018
>> New Revision: 337944
>> URL: https://svnweb.freebsd.org/changeset/base/337944
>>
>> Log:
>> arm: Define crypto option on platforms that include IPsec
>>
>> Missed in r337940.
>>
>> (It's not like there are any crypto files IPsec doesn't pull in, so it is
>> unclear what not defining the crypto option was supposed to achieve.)
>>
>> Reported by: np@
>>
>> Modified:
>> head/sys/arm/conf/std.armv6
>> head/sys/arm/conf/std.armv7
>>
>> Modified: head/sys/arm/conf/std.armv6
>> ==============================================================================
>> --- head/sys/arm/conf/std.armv6 Fri Aug 17 01:03:23 2018 (r337943)
>> +++ head/sys/arm/conf/std.armv6 Fri Aug 17 01:04:02 2018 (r337944)
>> @@ -9,6 +9,7 @@ options VIMAGE # Subsystem virtualization, e.g. VNE
>> options INET # InterNETworking
>> options INET6 # IPv6 communications protocols
>> options TCP_HHOOK # hhook(9) framework for TCP
>> +device crypto # IPSec && !crypto is nonsensical
>> options IPSEC # IP (v4/v6) security
>> options SCTP # Stream Control Transmission Protocol
>> options FFS # Berkeley Fast Filesystem
>>
>> Modified: head/sys/arm/conf/std.armv7
>> ==============================================================================
>> --- head/sys/arm/conf/std.armv7 Fri Aug 17 01:03:23 2018 (r337943)
>> +++ head/sys/arm/conf/std.armv7 Fri Aug 17 01:04:02 2018 (r337944)
>> @@ -9,6 +9,7 @@ options VIMAGE # Subsystem virtualization, e.g. VNE
>> options INET # InterNETworking
>> options INET6 # IPv6 communications protocols
>> options TCP_HHOOK # hhook(9) framework for TCP
>> +device crypto # IPSec && !crypto is nonsensical
>> options IPSEC # IP (v4/v6) security
>> options SCTP # Stream Control Transmission Protocol
>> options FFS # Berkeley Fast Filesystem
>>
>
> What problem were you trying to solve with this change? Aside from
> putting a device statement into a file that, by design, only contains
> options, and besides adding it with a snarky comment rather than the
> canononical comment associated with that device from sys/conf/NOTES, I
> can't see offhand how this changes anything. Virtually everything that
> is dependent on the crypto device is actually specified as crypto |
> ipsec | ipsec_support, which seems like the correct way to implement
> "option IPSEC implies device crypto".
In other kernel config files we include crypto explicitly, but with a
less snarky comment (and in the device section), e.g. amd64's GENERIC:
# The crypto framework is required by IPSEC
device crypto # Required by IPSEC
That said, I think it would be better to instead move this up into the
existing list of pseudo devices that includes 'device ether', etc.
I've put a strawman up at https://reviews.freebsd.org/D16775
--
John Baldwin
More information about the svn-src-head
mailing list