svn commit: r310475 - projects/ipsec/sys/conf
Andrey V. Elsukov
ae at FreeBSD.org
Fri Dec 23 13:01:38 UTC 2016
On 23.12.2016 15:48, Konstantin Belousov wrote:
> On Fri, Dec 23, 2016 at 12:11:56PM +0000, Andrey V. Elsukov wrote:
>> Author: ae
>> Date: Fri Dec 23 12:11:56 2016
>> New Revision: 310475
>> URL: https://svnweb.freebsd.org/changeset/base/310475
>>
>> Log:
>> Unconditionally build machine depended crypto(4) code when
>> IPSEC_SUPPORT is enabled.
>
> Why ? If ipsec is a module, why crypto cannot be a module as well ?
Hi,
Currently PF_KEY code can not be a module and it depends from crypto.
This imposes such restriction. The only benefit from having 'options
IPSEC_SUPPORT' instead of 'options IPSEC' is reduced overhead for
traffic flows that IPsec checking does.
But if we add ability to unload network domain(9), it will be possible
to make PF_KEY as module too. Then this restriction could be deleted.
--
WBR, Andrey V. Elsukov
More information about the svn-src-projects
mailing list