Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 5 Dec 2013 16:57:25 +0100
From:      Fleuriot Damien <ml@my.gd>
To:        "firmdog@gmail.com" <firmdog@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: do I have to compile a new kernel? or just add options somehow?
Message-ID:  <D8B22251-346B-4507-8705-58CBD3D2026F@my.gd>
In-Reply-To: <CAHcg-UF1HfTq_OianFxiD1Xy_EyA6GApuOKPG+b+1XF2a1c27g@mail.gmail.com>
References:  <CAHcg-UF6hdDBrnw+jY6ajzdD9NnSzAPnu8pwMqvGfkK3feWgKQ@mail.gmail.com> <1A249B2C-B341-4270-B343-627901FD9562@my.gd> <CAHcg-UF1HfTq_OianFxiD1Xy_EyA6GApuOKPG+b+1XF2a1c27g@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Oh but you can load modules at boot time for GENERIC just fine.

While there is a "crypto" module nested under =
/usr/src/sys/modules/crypto/ , I'm not familiar enough with it to say =
whether it incorporates both the device and the IPSEC options you're =
interested in.

You're better off rebuilding GENERIC, or your own kernel, IMHO.



If you're curious, you can always run :
kldload crypto

If kldload says the module doesn't exist (I think it should, for =
GENERIC), you'll need to build it:
cd /usr/src/sys/modules/crypto/ && make && make install



Here's little me trying to load it under a brand new 8.4 box:

# kldload /boot/kernel/crypto.ko
kldload: can't load /boot/kernel/crypto.ko: Exec format error


If you run into this error like me, "dmesg" will provide you with a =
clue, as it does in my case:
KLD crypto.ko: depends on zlib - not available or version mismatch
linker_load_file: Unsupported file type



I really encourage you to rebuild your own kernel, stripped of all the =
stuff you don't want/need (ISA NICs, wifi, firewire, floppy =
controller... )


Warren Block has written pretty cool articles, here:
http://www.wonkity.com/~wblock/docs/html/buildworld.html
http://www.wonkity.com/~wblock/docs/html/kernelconfig.html




I hope that helps,


On Dec 5, 2013, at 4:30 PM, "firmdog@gmail.com" <firmdog@gmail.com> =
wrote:

>=20
> So the answer is that it's NOT possible to load modules at boot time =
for GENERIC? I have to actually build a new kernel?
>=20
> Thanks!
>=20
>=20
> On Thu, Dec 5, 2013 at 9:42 AM, Fleuriot Damien <ml@my.gd> wrote:
>=20
> On Dec 5, 2013, at 3:35 PM, "firmdog@gmail.com" <firmdog@gmail.com> =
wrote:
>=20
> > I am having difficulty understanding what is compiled into the =
GENERIC
> > kernel.
> >
> > I need to enable "device crypto" with IPSEC and IPSEC_NAT_T options.
> >
> > Can I just configure the GENERIC kernel in a config file? Or do I =
have to
> > compile a totally new kernel?
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to =
"freebsd-questions-unsubscribe@freebsd.org"
>=20
>=20
> While it's far from being a good practice, you can simply add your:
> device crypto
> options IPSEC
> options IPSEC_NAT_T
>=20
> to /sys/amd64/conf/GENERIC (assuming you're running a 64bit release =
that is).
>=20
>=20
> Then: cd /usr/src && make kernel-toolchain && make buildkernel
>=20
> Once the kernel is built, you only need to "make installkernel" and =
reboot.
>=20
> It is good practice, before rebooting, to run "mergemaster -p" , even =
if you've only done a minor upgrade, let good habits sink in ;)
>=20
>=20
>=20
>=20
> Regarding what is compiled in the GENERIC kernel, you can find the =
included options and devices at:
> /sys/amd64/conf/GENERIC
> or
> /sys/i386/conf/GENERIC
>=20
> You may also run config -x /boot/kernel/kernel , if your kernel was =
built with INCLUDE_CONFIG_FILE , which GENERIC does.
>=20
>=20




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?D8B22251-346B-4507-8705-58CBD3D2026F>