On 11.12.2016 02:07, Andrey V. Elsukov wrote: > Hi All, > > I am pleased to announce that projects/ipsec, that I started several > months ago is ready for testing and review. > The main goals were: > * rework locking to make IPsec code more friendly for concurrent > processing; > * make lookup in SADB/SPDB faster; > * revise PFKEY implementation, remove stale code, make it closer > to RFC; > * implement IPsec VTI (virtual tunneling interface); > * make IPsec code loadable as kernel module. > > Currently all, except the last one is mostly done. So, I decided ask for > a help to test the what already done, while I will work on the last task. I finished the last task, now it is possible to load/unload IPsec and TCP-MD5 support as kernel modules. New kernel option IPSEC_SUPPORT should be used to build the kernel that is able to load IPsec module. So, if you have 'options IPSEC' in the kernel config, IPsec support will be build in the kernel without TCP-MD5 support. If you have 'options IPSEC' and 'options TCP_SIGNATURE', IPsec and TCP-MD5 support will be build in the kernel. If you have 'options IPSEC' and 'options IPSEC_SUPPORT', IPsec support will be build in the kernel and TCP-MD5 can be loaded. If you have 'options IPSEC_SUPPORT', IPsec and TCP-MD5 can be loaded. If you have 'options IPSEC_SUPPORT' and 'options TCP_SIGNATURE', TCP-MD5 support will be build in the kernel and IPsec can be loaded. If you have not IPSEC* options, it isn't possible to use IPsec as module. So, if there will no objection, I'll merge projects/ipsec into head/ within two weeks. -- WBR, Andrey V. ElsukovReceived on Tue Dec 27 2016 - 09:19:25 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:09 UTC