From: Richard Bejtlich
To: freebsd-stable@freebsd.org
Date: Fri, 4 Nov 2005 15:10:45 -0500
Subject: Facilitating binary kernel upgrades

Hello all,

I have become a fan of Colin Percival's freebsd-update, which allows
binary updates of the GENERIC kernel and unmodified userland.
Binary kernel updates are not possible if I modify my kernel to
include support for IPSec or NAT, e.g.

    device  crypto
    options FAST_IPSEC
    options IPFIREWALL
    options IPDIVERT

After speaking with Colin, he mentioned that IPSec, NAT, and disk
quotas (enabled via options QUOTA) are the three most popular kernel
changes that prevent people from running GENERIC and hence using
freebsd-update for binary kernel updates.

Can anyone shed light on why those three features are not available in GENERIC?

Thank you,

Richard
http://www.taosecurity.com