Date: Fri, 23 Dec 2016 16:01:07 +0300 From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: Konstantin Belousov <kostikbel@gmail.com> Cc: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: Re: svn commit: r310475 - projects/ipsec/sys/conf Message-ID: <c7be0d8a-8133-0def-b0e9-1b544f2a4e40@FreeBSD.org> In-Reply-To: <20161223124839.GX94325@kib.kiev.ua> References: <201612231211.uBNCBuLO019883@repo.freebsd.org> <20161223124839.GX94325@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On 23.12.2016 15:48, Konstantin Belousov wrote: > On Fri, Dec 23, 2016 at 12:11:56PM +0000, Andrey V. Elsukov wrote: >> Author: ae >> Date: Fri Dec 23 12:11:56 2016 >> New Revision: 310475 >> URL: https://svnweb.freebsd.org/changeset/base/310475 >> >> Log: >> Unconditionally build machine depended crypto(4) code when >> IPSEC_SUPPORT is enabled. > > Why ? If ipsec is a module, why crypto cannot be a module as well ? Hi, Currently PF_KEY code can not be a module and it depends from crypto. This imposes such restriction. The only benefit from having 'options IPSEC_SUPPORT' instead of 'options IPSEC' is reduced overhead for traffic flows that IPsec checking does. But if we add ability to unload network domain(9), it will be possible to make PF_KEY as module too. Then this restriction could be deleted. -- WBR, Andrey V. Elsukov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c7be0d8a-8133-0def-b0e9-1b544f2a4e40>