New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kmod-ipsec: enable CONFIG_XFRM_STATISTICS CONFIG_XFRM_MIGRATE #2142
Conversation
@antonyantony maybe more is needed here because it halts at asking
|
I am not sure how to fix this patch. Any suggestions? |
it worked for me on sunxi aarch64_cortex-a53, where everything was Y no M(modules) When I try M on mvebu this does not work, I think because when lbreswan is a module these config options trying to be modules. .config:6493:warning: symbol value 'm' invalid for XFRM_MIGRATE These two config options are bool. While the ipsec itself is a module. how I can force the config options to Y when KernelPackage/ipsec is M. config XFRM_MIGRATE |
Like this:
If symbols are not suffixed with |
CONFIG_XFRM_STATISTICS helps debug Strongswan or libreswan CONFIG_XFRM_MIGRATE used by librewan to support mobike Signed-off-by: Antony Antony <antony@phenome.org>
fd215c4
to
5e008b9
Compare
@antonyantony |
this change is to support mobike, RFC 4555. e.g iPhone moving from 4G to WiFi while keeping the tunnel up when moving networks. I think biggest test is would the kernel compile with this change. Then libreswan, userland will/should do the right thing. |
the kernel compiles no problem on my test systems |
Hi, since this seems to be not a fix, but a feature, and none of the committer seems to be interested in reviewing it for almost a year, I will close it now (i.e. "Won't implement"). I'm sorry, but better crush your remaining hopes now than waiting another year where supposedly nothing different will happen. |
This is breaking generic IPsec support. Please reconsider. It is a stable feature of billions of kernels out there. It is needed for proper functioning of libreswan and strongswan packages. If you are not confident on XFRM options, at least follow the linus upstream kernel for defaults. Don't manually disable things. ping @adschm |
ipsec enhancements, @lucize