do I have to compile a new kernel? or just add options somehow?
Fleuriot Damien
ml at my.gd
Thu Dec 5 15:57:29 UTC 2013
Oh but you can load modules at boot time for GENERIC just fine.
While there is a "crypto" module nested under /usr/src/sys/modules/crypto/ , I'm not familiar enough with it to say whether it incorporates both the device and the IPSEC options you're interested in.
You're better off rebuilding GENERIC, or your own kernel, IMHO.
If you're curious, you can always run :
kldload crypto
If kldload says the module doesn't exist (I think it should, for GENERIC), you'll need to build it:
cd /usr/src/sys/modules/crypto/ && make && make install
Here's little me trying to load it under a brand new 8.4 box:
# kldload /boot/kernel/crypto.ko
kldload: can't load /boot/kernel/crypto.ko: Exec format error
If you run into this error like me, "dmesg" will provide you with a clue, as it does in my case:
KLD crypto.ko: depends on zlib - not available or version mismatch
linker_load_file: Unsupported file type
I really encourage you to rebuild your own kernel, stripped of all the stuff you don't want/need (ISA NICs, wifi, firewire, floppy controller... )
Warren Block has written pretty cool articles, here:
http://www.wonkity.com/~wblock/docs/html/buildworld.html
http://www.wonkity.com/~wblock/docs/html/kernelconfig.html
I hope that helps,
On Dec 5, 2013, at 4:30 PM, "firmdog at gmail.com" <firmdog at gmail.com> wrote:
>
> So the answer is that it's NOT possible to load modules at boot time for GENERIC? I have to actually build a new kernel?
>
> Thanks!
>
>
> On Thu, Dec 5, 2013 at 9:42 AM, Fleuriot Damien <ml at my.gd> wrote:
>
> On Dec 5, 2013, at 3:35 PM, "firmdog at gmail.com" <firmdog at gmail.com> wrote:
>
> > I am having difficulty understanding what is compiled into the GENERIC
> > kernel.
> >
> > I need to enable "device crypto" with IPSEC and IPSEC_NAT_T options.
> >
> > Can I just configure the GENERIC kernel in a config file? Or do I have to
> > compile a totally new kernel?
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>
> While it's far from being a good practice, you can simply add your:
> device crypto
> options IPSEC
> options IPSEC_NAT_T
>
> to /sys/amd64/conf/GENERIC (assuming you're running a 64bit release that is).
>
>
> Then: cd /usr/src && make kernel-toolchain && make buildkernel
>
> Once the kernel is built, you only need to "make installkernel" and reboot.
>
> It is good practice, before rebooting, to run "mergemaster -p" , even if you've only done a minor upgrade, let good habits sink in ;)
>
>
>
>
> Regarding what is compiled in the GENERIC kernel, you can find the included options and devices at:
> /sys/amd64/conf/GENERIC
> or
> /sys/i386/conf/GENERIC
>
> You may also run config -x /boot/kernel/kernel , if your kernel was built with INCLUDE_CONFIG_FILE , which GENERIC does.
>
>
More information about the freebsd-questions
mailing list