Date: Thu, 17 Aug 2017 03:51:25 +0000 (UTC) From: Dan Mahoney <dmahoney@isc.org> To: freebsd-net@freebsd.org Subject: How likely is it that we can get a kernel tweak for 11.1 so the tcpmd5.ko module works? Message-ID: <alpine.BSF.2.20.1708170346270.71105@bikeshed.isc.org>
next in thread | raw e-mail | index | archive | help
All, Please see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220170 Basically, there's a kernel module that's only usable if you've built a custom kernel with IPSEC_SUPPORT. Since to build a custom kernel you've going to rebuild this module anyway, I'm not sure why it was shipped in -base. ISC runs a lot of BGP routing daemons and many of the people we peer with require password auth as part of their peering policy. We were really hoping for our new platform to not need to invent extra mechanics to build/deploy custom kernels. How hard would it be to add: 1) IPSEC_SUPPORT to base without waiting for 11.2? (After all, IPSEC itself is already in the base kernel). or 2) Building another module that would add the necessary IPSEC_SUPPORT knobs so TCPMD5 loads without needing to modify the shipped kernel? -Dan Mahoney ISC
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1708170346270.71105>