On 8/17/18 3:53 PM, Ian Lepore wrote: > On Fri, 2018-08-17 at 01:04 +0000, Conrad Meyer wrote: >> Author: cem >> Date: Fri Aug 17 01:04:02 2018 >> New Revision: 337944 >> URL: https://svnweb.freebsd.org/changeset/base/337944 >> >> Log: >> arm: Define crypto option on platforms that include IPsec >> >> Missed in r337940. >> >> (It's not like there are any crypto files IPsec doesn't pull in, so it is >> unclear what not defining the crypto option was supposed to achieve.) >> >> Reported by: np@ >> >> Modified: >> head/sys/arm/conf/std.armv6 >> head/sys/arm/conf/std.armv7 >> >> Modified: head/sys/arm/conf/std.armv6 >> ============================================================================== >> --- head/sys/arm/conf/std.armv6 Fri Aug 17 01:03:23 2018 >> (r337943) >> +++ head/sys/arm/conf/std.armv6 Fri Aug 17 01:04:02 2018 >> (r337944) >> @@ -9,6 +9,7 @@ options VIMAGE # Subsystem >> virtualization, e.g. VNE >> options INET # InterNETworking >> options INET6 # IPv6 communications protocols >> options TCP_HHOOK # hhook(9) framework for TCP >> +device crypto # IPSec && !crypto is >> nonsensical >> options IPSEC # IP (v4/v6) security >> options SCTP # Stream Control Transmission Protocol >> options FFS # Berkeley Fast Filesystem >> >> Modified: head/sys/arm/conf/std.armv7 >> ============================================================================== >> --- head/sys/arm/conf/std.armv7 Fri Aug 17 01:03:23 2018 >> (r337943) >> +++ head/sys/arm/conf/std.armv7 Fri Aug 17 01:04:02 2018 >> (r337944) >> @@ -9,6 +9,7 @@ options VIMAGE # Subsystem >> virtualization, e.g. VNE >> options INET # InterNETworking >> options INET6 # IPv6 communications protocols >> options TCP_HHOOK # hhook(9) framework for TCP >> +device crypto # IPSec && !crypto is >> nonsensical >> options IPSEC # IP (v4/v6) security >> options SCTP # Stream Control Transmission Protocol >> options FFS # Berkeley Fast Filesystem >> > > What problem were you trying to solve with this change? Aside from > putting a device statement into a file that, by design, only contains > options, and besides adding it with a snarky comment rather than the > canononical comment associated with that device from sys/conf/NOTES, I > can't see offhand how this changes anything. Virtually everything that > is dependent on the crypto device is actually specified as crypto | > ipsec | ipsec_support, which seems like the correct way to implement > "option IPSEC implies device crypto".
In other kernel config files we include crypto explicitly, but with a less snarky comment (and in the device section), e.g. amd64's GENERIC: # The crypto framework is required by IPSEC device crypto # Required by IPSEC That said, I think it would be better to instead move this up into the existing list of pseudo devices that includes 'device ether', etc. I've put a strawman up at https://reviews.freebsd.org/D16775 -- John Baldwin _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"