On 11.12.2016 02:07, Andrey V. Elsukov wrote:
I am pleased to announce that projects/ipsec, that I started several
months ago is ready for testing and review.
The main goals were:
* rework locking to make IPsec code more friendly for concurrent
* make lookup in SADB/SPDB faster;
* revise PFKEY implementation, remove stale code, make it closer
* implement IPsec VTI (virtual tunneling interface);
* make IPsec code loadable as kernel module.
Currently all, except the last one is mostly done. So, I decided ask for
a help to test the what already done, while I will work on the last task.
I finished the last task, now it is possible to load/unload IPsec and
TCP-MD5 support as kernel modules.
New kernel option IPSEC_SUPPORT should be used to build the kernel that
is able to load IPsec module.
So, if you have 'options IPSEC' in the kernel config, IPsec support will
be build in the kernel without TCP-MD5 support.
If you have 'options IPSEC' and 'options TCP_SIGNATURE', IPsec and
TCP-MD5 support will be build in the kernel.
If you have 'options IPSEC' and 'options IPSEC_SUPPORT', IPsec support
will be build in the kernel and TCP-MD5 can be loaded.
If you have 'options IPSEC_SUPPORT', IPsec and TCP-MD5 can be loaded.
If you have 'options IPSEC_SUPPORT' and 'options TCP_SIGNATURE', TCP-MD5
support will be build in the kernel and IPsec can be loaded.
If you have not IPSEC* options, it isn't possible to use IPsec as module.
So, if there will no objection, I'll merge projects/ipsec into head/
within two weeks.
WBR, Andrey V. Elsukov
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"