How likely is it that we can get a kernel tweak for 11.1 so the tcpmd5.ko module works?
Marek Zarychta
zarychtam at plan-b.pwste.edu.pl
Thu Aug 17 10:56:12 UTC 2017
On Thu, Aug 17, 2017 at 03:51:25AM +0000, Dan Mahoney wrote:
> All,
>
> Please see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220170
>
> Basically, there's a kernel module that's only usable if you've built a
> custom kernel with IPSEC_SUPPORT. Since to build a custom kernel you're
> going to rebuild this module anyway, I'm not sure why it was shipped in
> -base.
>
> ISC runs a lot of BGP routing daemons and many of the people we peer with
> require password auth as part of their peering policy. We were really
> hoping for our new platform to not need to invent extra mechanics to
> build/deploy custom kernels.
>
> How hard would it be to add:
>
> 1) IPSEC_SUPPORT to base without waiting for 11.2? (After all, IPSEC
> itself is already in the base kernel).
>
> or
>
> 2) Building another module that would add the necessary IPSEC_SUPPORT
> knobs so TCPMD5 loads without needing to modify the shipped kernel?
>
+1
It would be even better to exchange IPSEC with IPSEC_SUPPORT in GENERIC.
Both modules, IPSEC as well as TCPMD5, could be loaded at boot time or later.
Best regards,
--
Marek Zarychta