Date: Wed, 20 Sep 2017 18:41:04 +0000 From: Alexey Dokuchaev <danfe@FreeBSD.org> To: Gleb Smirnoff <glebius@FreeBSD.org> Cc: Josh Paetzel <jpaetzel@FreeBSD.org>, svn-src-all@freebsd.org Subject: Re: svn commit: r323770 - in stable/11/sys: amd64/conf arm64/conf i386/conf powerpc/conf riscv/conf sparc64/conf Message-ID: <20170920184104.GA6428@FreeBSD.org> In-Reply-To: <20170920182537.GN1055@FreeBSD.org> References: <201709191651.v8JGpp5v048489@repo.freebsd.org> <2B7D21C6-56EE-4ADE-815C-70477C137A82@gmail.com> <1505915939.3128744.1112434136.0864CA5F@webmail.messagingengine.com> <20170920172145.GA80852@FreeBSD.org> <20170920182537.GN1055@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 20, 2017 at 11:25:37AM -0700, Gleb Smirnoff wrote: > On Wed, Sep 20, 2017 at 05:21:45PM +0000, Alexey Dokuchaev wrote: > A> On Wed, Sep 20, 2017 at 08:58:59AM -0500, Josh Paetzel wrote: > A> > On Wed, Sep 20, 2017, at 02:41 AM, Ngie Cooper (yaneurabeya) wrote: > A> > > > On Sep 19, 2017, at 09:51, Josh Paetzel <jpaetzel@FreeBSD.org> wrote: > A> > > > New Revision: 323770 > A> > > > URL: https://svnweb.freebsd.org/changeset/base/323770 > A> > > > > A> > > > Log: > A> > > > MFC: 323068 > A> > > > > A> > > > Allow kldload tcpmd5 > A> > > > A> > > Wasn't this reverted on ^/head ? > A> > > A> > Not this one. What was reverted on HEAD was the removal of options > A> > IPSEC from GENERIC. > A> > > A> > The endgoal is options IPSEC and options IPSEC_SUPPORT in GENERIC, which > A> > will allow someone running GENERIC to kldload tcpmd5. > A> > A> I'll shamelessly steal this thread to ask somewhat related question that > A> was bothering me since the original botched commit: what is the reason > A> behind IPSEC_SUPPORT option? If it does not cost anything, why not just > A> optimize it away; if it does imply something more, can you shed some > A> light on why is it needed (and/or might not be)? Thanks, > > The reason is to make loadable ipsec.ko. I actually don't understand > why do we still have IPSEC in GENERIC once it is loadable. Doesn't it > still have performance impact? I understand that the idea is to make it loadable; what I don't understand is why this requires IPSEC_SUPPORT option instead of no special option what- soever. If I grep for SUPPORT in my i386/conf/GENERIC, I see things like INVARIANT_SUPPORT or IEEE80211_SUPPORT_MESH (with meaningful explanations) but IPSEC_SUPPORT which, per the comment, "allows to kldload of ipsec and tcpmd5", is totally beyond me. Lots of kernel features are/can be loaded as modules, but we don't have things like SOUND_SUPPORT or USB_SUPPORT. ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170920184104.GA6428>