Date: Thu, 5 Dec 2013 16:57:25 +0100 From: Fleuriot Damien <ml@my.gd> To: "firmdog@gmail.com" <firmdog@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: do I have to compile a new kernel? or just add options somehow? Message-ID: <D8B22251-346B-4507-8705-58CBD3D2026F@my.gd> In-Reply-To: <CAHcg-UF1HfTq_OianFxiD1Xy_EyA6GApuOKPG%2Bb%2B1XF2a1c27g@mail.gmail.com> References: <CAHcg-UF6hdDBrnw%2BjY6ajzdD9NnSzAPnu8pwMqvGfkK3feWgKQ@mail.gmail.com> <1A249B2C-B341-4270-B343-627901FD9562@my.gd> <CAHcg-UF1HfTq_OianFxiD1Xy_EyA6GApuOKPG%2Bb%2B1XF2a1c27g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Oh but you can load modules at boot time for GENERIC just fine. While there is a "crypto" module nested under = /usr/src/sys/modules/crypto/ , I'm not familiar enough with it to say = whether it incorporates both the device and the IPSEC options you're = interested in. You're better off rebuilding GENERIC, or your own kernel, IMHO. If you're curious, you can always run : kldload crypto If kldload says the module doesn't exist (I think it should, for = GENERIC), you'll need to build it: cd /usr/src/sys/modules/crypto/ && make && make install Here's little me trying to load it under a brand new 8.4 box: # kldload /boot/kernel/crypto.ko kldload: can't load /boot/kernel/crypto.ko: Exec format error If you run into this error like me, "dmesg" will provide you with a = clue, as it does in my case: KLD crypto.ko: depends on zlib - not available or version mismatch linker_load_file: Unsupported file type I really encourage you to rebuild your own kernel, stripped of all the = stuff you don't want/need (ISA NICs, wifi, firewire, floppy = controller... ) Warren Block has written pretty cool articles, here: http://www.wonkity.com/~wblock/docs/html/buildworld.html http://www.wonkity.com/~wblock/docs/html/kernelconfig.html I hope that helps, On Dec 5, 2013, at 4:30 PM, "firmdog@gmail.com" <firmdog@gmail.com> = wrote: >=20 > So the answer is that it's NOT possible to load modules at boot time = for GENERIC? I have to actually build a new kernel? >=20 > Thanks! >=20 >=20 > On Thu, Dec 5, 2013 at 9:42 AM, Fleuriot Damien <ml@my.gd> wrote: >=20 > On Dec 5, 2013, at 3:35 PM, "firmdog@gmail.com" <firmdog@gmail.com> = wrote: >=20 > > I am having difficulty understanding what is compiled into the = GENERIC > > kernel. > > > > I need to enable "device crypto" with IPSEC and IPSEC_NAT_T options. > > > > Can I just configure the GENERIC kernel in a config file? Or do I = have to > > compile a totally new kernel? > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" >=20 >=20 > While it's far from being a good practice, you can simply add your: > device crypto > options IPSEC > options IPSEC_NAT_T >=20 > to /sys/amd64/conf/GENERIC (assuming you're running a 64bit release = that is). >=20 >=20 > Then: cd /usr/src && make kernel-toolchain && make buildkernel >=20 > Once the kernel is built, you only need to "make installkernel" and = reboot. >=20 > It is good practice, before rebooting, to run "mergemaster -p" , even = if you've only done a minor upgrade, let good habits sink in ;) >=20 >=20 >=20 >=20 > Regarding what is compiled in the GENERIC kernel, you can find the = included options and devices at: > /sys/amd64/conf/GENERIC > or > /sys/i386/conf/GENERIC >=20 > You may also run config -x /boot/kernel/kernel , if your kernel was = built with INCLUDE_CONFIG_FILE , which GENERIC does. >=20 >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D8B22251-346B-4507-8705-58CBD3D2026F>