svn commit: r310475 - projects/ipsec/sys/conf

Andrey V. Elsukov ae at FreeBSD.org
Fri Dec 23 13:01:38 UTC 2016


On 23.12.2016 15:48, Konstantin Belousov wrote:
> On Fri, Dec 23, 2016 at 12:11:56PM +0000, Andrey V. Elsukov wrote:
>> Author: ae
>> Date: Fri Dec 23 12:11:56 2016
>> New Revision: 310475
>> URL: https://svnweb.freebsd.org/changeset/base/310475
>>
>> Log:
>>   Unconditionally build machine depended crypto(4) code when
>>   IPSEC_SUPPORT is enabled.
>
> Why ?  If ipsec is a module, why crypto cannot be a module as well ?

Hi,

Currently PF_KEY code can not be a module and it depends from crypto.
This imposes such restriction. The only benefit from having 'options 
IPSEC_SUPPORT' instead of 'options IPSEC' is reduced overhead for 
traffic flows that IPsec checking does.
But if we add ability to unload network domain(9), it will be possible 
to make PF_KEY as module too. Then this restriction could be deleted.

-- 
WBR, Andrey V. Elsukov


More information about the svn-src-projects mailing list