Date: Fri, 17 Aug 2018 17:01:47 +0100 From: John Baldwin <jhb@FreeBSD.org> To: Ian Lepore <ian@freebsd.org>, Conrad Meyer <cem@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r337944 - head/sys/arm/conf Message-ID: <3cc50b11-5670-9cc1-fcf8-840e407995b4@FreeBSD.org> In-Reply-To: <1534517617.27158.11.camel@freebsd.org> References: <201808170104.w7H142P8048034@repo.freebsd.org> <1534517617.27158.11.camel@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/17/18 3:53 PM, Ian Lepore wrote: > On Fri, 2018-08-17 at 01:04 +0000, Conrad Meyer wrote: >> Author: cem >> Date: Fri Aug 17 01:04:02 2018 >> New Revision: 337944 >> URL: https://svnweb.freebsd.org/changeset/base/337944 >> >> Log: >> arm: Define crypto option on platforms that include IPsec >> >> Missed in r337940. >> >> (It's not like there are any crypto files IPsec doesn't pull in, so it is >> unclear what not defining the crypto option was supposed to achieve.) >> >> Reported by: np@ >> >> Modified: >> head/sys/arm/conf/std.armv6 >> head/sys/arm/conf/std.armv7 >> >> Modified: head/sys/arm/conf/std.armv6 >> ============================================================================== >> --- head/sys/arm/conf/std.armv6 Fri Aug 17 01:03:23 2018 (r337943) >> +++ head/sys/arm/conf/std.armv6 Fri Aug 17 01:04:02 2018 (r337944) >> @@ -9,6 +9,7 @@ options VIMAGE # Subsystem virtualization, e.g. VNE >> options INET # InterNETworking >> options INET6 # IPv6 communications protocols >> options TCP_HHOOK # hhook(9) framework for TCP >> +device crypto # IPSec && !crypto is nonsensical >> options IPSEC # IP (v4/v6) security >> options SCTP # Stream Control Transmission Protocol >> options FFS # Berkeley Fast Filesystem >> >> Modified: head/sys/arm/conf/std.armv7 >> ============================================================================== >> --- head/sys/arm/conf/std.armv7 Fri Aug 17 01:03:23 2018 (r337943) >> +++ head/sys/arm/conf/std.armv7 Fri Aug 17 01:04:02 2018 (r337944) >> @@ -9,6 +9,7 @@ options VIMAGE # Subsystem virtualization, e.g. VNE >> options INET # InterNETworking >> options INET6 # IPv6 communications protocols >> options TCP_HHOOK # hhook(9) framework for TCP >> +device crypto # IPSec && !crypto is nonsensical >> options IPSEC # IP (v4/v6) security >> options SCTP # Stream Control Transmission Protocol >> options FFS # Berkeley Fast Filesystem >> > > What problem were you trying to solve with this change? Aside from > putting a device statement into a file that, by design, only contains > options, and besides adding it with a snarky comment rather than the > canononical comment associated with that device from sys/conf/NOTES, I > can't see offhand how this changes anything. Virtually everything that > is dependent on the crypto device is actually specified as crypto | > ipsec | ipsec_support, which seems like the correct way to implement > "option IPSEC implies device crypto". In other kernel config files we include crypto explicitly, but with a less snarky comment (and in the device section), e.g. amd64's GENERIC: # The crypto framework is required by IPSEC device crypto # Required by IPSEC That said, I think it would be better to instead move this up into the existing list of pseudo devices that includes 'device ether', etc. I've put a strawman up at https://reviews.freebsd.org/D16775 -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3cc50b11-5670-9cc1-fcf8-840e407995b4>