svn commit: r323770 - in stable/11/sys: amd64/conf arm64/conf i386/conf powerpc/conf riscv/conf sparc64/conf
Alexey Dokuchaev
danfe at FreeBSD.org
Wed Sep 20 18:41:05 UTC 2017
On Wed, Sep 20, 2017 at 11:25:37AM -0700, Gleb Smirnoff wrote:
> On Wed, Sep 20, 2017 at 05:21:45PM +0000, Alexey Dokuchaev wrote:
> A> On Wed, Sep 20, 2017 at 08:58:59AM -0500, Josh Paetzel wrote:
> A> > On Wed, Sep 20, 2017, at 02:41 AM, Ngie Cooper (yaneurabeya) wrote:
> A> > > > On Sep 19, 2017, at 09:51, Josh Paetzel <jpaetzel at FreeBSD.org> wrote:
> A> > > > New Revision: 323770
> A> > > > URL: https://svnweb.freebsd.org/changeset/base/323770
> A> > > >
> A> > > > Log:
> A> > > > MFC: 323068
> A> > > >
> A> > > > Allow kldload tcpmd5
> A> > >
> A> > > Wasn't this reverted on ^/head ?
> A> >
> A> > Not this one. What was reverted on HEAD was the removal of options
> A> > IPSEC from GENERIC.
> A> >
> A> > The endgoal is options IPSEC and options IPSEC_SUPPORT in GENERIC, which
> A> > will allow someone running GENERIC to kldload tcpmd5.
> A>
> A> I'll shamelessly steal this thread to ask somewhat related question that
> A> was bothering me since the original botched commit: what is the reason
> A> behind IPSEC_SUPPORT option? If it does not cost anything, why not just
> A> optimize it away; if it does imply something more, can you shed some
> A> light on why is it needed (and/or might not be)? Thanks,
>
> The reason is to make loadable ipsec.ko. I actually don't understand
> why do we still have IPSEC in GENERIC once it is loadable. Doesn't it
> still have performance impact?
I understand that the idea is to make it loadable; what I don't understand
is why this requires IPSEC_SUPPORT option instead of no special option what-
soever. If I grep for SUPPORT in my i386/conf/GENERIC, I see things like
INVARIANT_SUPPORT or IEEE80211_SUPPORT_MESH (with meaningful explanations)
but IPSEC_SUPPORT which, per the comment, "allows to kldload of ipsec and
tcpmd5", is totally beyond me. Lots of kernel features are/can be loaded
as modules, but we don't have things like SOUND_SUPPORT or USB_SUPPORT.
./danfe
More information about the svn-src-all
mailing list