From owner-svn-src-stable-12@freebsd.org  Wed Sep  2 21:36:56 2020
Return-Path: <owner-svn-src-stable-12@freebsd.org>
Delivered-To: svn-src-stable-12@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4BE9A3CA726;
 Wed,  2 Sep 2020 21:36:56 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Bhchm1KJdz4L1m;
 Wed,  2 Sep 2020 21:36:56 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 10B8C10E14;
 Wed,  2 Sep 2020 21:36:56 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 082Latlp029949;
 Wed, 2 Sep 2020 21:36:55 GMT (envelope-from jhb@FreeBSD.org)
Received: (from jhb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 082LatjO029946;
 Wed, 2 Sep 2020 21:36:55 GMT (envelope-from jhb@FreeBSD.org)
Message-Id: <202009022136.082LatjO029946@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org
 using -f
From: John Baldwin <jhb@FreeBSD.org>
Date: Wed, 2 Sep 2020 21:36:55 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r365281 - in stable: 11/sys/conf 11/sys/modules
 11/sys/modules/tcp 12/sys/conf 12/sys/modules 12/sys/modules/tcp
X-SVN-Group: stable-12
X-SVN-Commit-Author: jhb
X-SVN-Commit-Paths: in stable: 11/sys/conf 11/sys/modules 11/sys/modules/tcp
 12/sys/conf 12/sys/modules 12/sys/modules/tcp
X-SVN-Commit-Revision: 365281
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-12@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: SVN commit messages for only the 12-stable src tree
 <svn-src-stable-12.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable-12>, 
 <mailto:svn-src-stable-12-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-12/>
List-Post: <mailto:svn-src-stable-12@freebsd.org>
List-Help: <mailto:svn-src-stable-12-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable-12>, 
 <mailto:svn-src-stable-12-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2020 21:36:56 -0000

Author: jhb
Date: Wed Sep  2 21:36:55 2020
New Revision: 365281
URL: https://svnweb.freebsd.org/changeset/base/365281

Log:
  MFC 361638,361712: Only build ipsec modules for kernels with IPSEC_SUPPORT.
  
  361638:
  Only build ipsec modules if the kernel includes IPSEC_SUPPORT.
  
  Honoring the kernel-supplied opt_ipsec.h in r361632 causes builds of
  ipsec modules to fail if the kernel doesn't include IPSEC_SUPPORT.
  However, the module can never be loaded into such a kernel, so only
  build the modules if the kernel includes IPSEC_SUPPORT.
  
  361712: (kevans)
  modules: don't build ipsec/tcpmd5 if the kernel is configured for IPSEC
  
  IPSEC_SUPPORT can currently only cope with either IPSEC || IPSEC_SUPPORT,
  not both. Refrain from building if IPSEC is set, as the resulting module
  won't be able to load anyways if it's built into the kernel.
  
  KERN_OPTS is safe here; for tied modules, it will reflect the kernel
  configuration. For untied modules, it will defer to whatever is set in
  ^/sys/conf/config.mk, which doesn't set IPSEC for modules. The latter
  situation has some risk to it for uncommon scenarios, but such is the life
  of untied kernel modules.

Modified:
  stable/12/sys/conf/config.mk
  stable/12/sys/modules/Makefile
  stable/12/sys/modules/tcp/Makefile
Directory Properties:
  stable/12/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/11/sys/conf/config.mk
  stable/11/sys/modules/Makefile
  stable/11/sys/modules/tcp/Makefile
Directory Properties:
  stable/11/   (props changed)

Modified: stable/12/sys/conf/config.mk
==============================================================================
--- stable/12/sys/conf/config.mk	Wed Sep  2 21:17:54 2020	(r365280)
+++ stable/12/sys/conf/config.mk	Wed Sep  2 21:36:55 2020	(r365281)
@@ -19,8 +19,10 @@ opt_inet.h:
 opt_inet6.h:
 	@echo "#define INET6 1" > ${.TARGET}
 .endif
+.if ${MK_IPSEC_SUPPORT} != "no"
 opt_ipsec.h:
 	@echo "#define IPSEC_SUPPORT 1" > ${.TARGET}
+.endif
 .if ${MK_RATELIMIT} != "no"
 opt_ratelimit.h:
 	@echo "#define RATELIMIT 1" > ${.TARGET}
@@ -50,6 +52,9 @@ KERN_OPTS+= INET TCP_OFFLOAD
 .endif
 .if ${MK_INET6_SUPPORT} != "no"
 KERN_OPTS+= INET6
+.endif
+.if ${MK_IPSEC_SUPPORT} != "no"
+KERN_OPTS+= IPSEC_SUPPORT
 .endif
 .if ${MK_SCTP_SUPPORT} != "no"
 KERN_OPTS+= SCTP_SUPPORT

Modified: stable/12/sys/modules/Makefile
==============================================================================
--- stable/12/sys/modules/Makefile	Wed Sep  2 21:17:54 2020	(r365280)
+++ stable/12/sys/modules/Makefile	Wed Sep  2 21:36:55 2020	(r365281)
@@ -8,6 +8,8 @@ SUBDIR_PARALLEL=
 # Modules that include binary-only blobs of microcode should be selectable by
 # MK_SOURCELESS_UCODE option (see below).
 
+.include "${SYSDIR}/conf/config.mk"
+
 .if defined(MODULES_OVERRIDE) && !defined(ALL_MODULES)
 SUBDIR=${MODULES_OVERRIDE}
 .else
@@ -459,7 +461,7 @@ _if_enc=	if_enc
 _if_gif=	if_gif
 _if_gre=	if_gre
 _ipfw_pmod=	ipfw_pmod
-.if ${MK_IPSEC_SUPPORT} != "no"
+.if ${KERN_OPTS:MIPSEC_SUPPORT} && !${KERN_OPTS:MIPSEC}
 _ipsec=		ipsec
 .endif
 .if ${MK_SCTP_SUPPORT} != "no" || ${MK_SCTP} != "no"
@@ -868,8 +870,6 @@ afterinstall: .PHONY
 		kldxref ${DESTDIR}${KMODDIR}; \
 	fi
 .endif
-
-.include "${SYSDIR}/conf/config.mk"
 
 SUBDIR:= ${SUBDIR:u:O}
 

Modified: stable/12/sys/modules/tcp/Makefile
==============================================================================
--- stable/12/sys/modules/tcp/Makefile	Wed Sep  2 21:17:54 2020	(r365280)
+++ stable/12/sys/modules/tcp/Makefile	Wed Sep  2 21:36:55 2020	(r365281)
@@ -15,7 +15,7 @@ _tcp_rack= 	rack
 
 .if (${MK_INET_SUPPORT} != "no" || ${MK_INET6_SUPPORT} != "no") || \
 	defined(ALL_MODULES)
-.if ${MK_IPSEC_SUPPORT} != "no"
+.if ${KERN_OPTS:MIPSEC_SUPPORT} && !${KERN_OPTS:MIPSEC}
 _tcpmd5=	tcpmd5
 .endif
 .endif