[Openswan dev] ocf debian

David McCullough david_mccullough at mcafee.com
Thu Dec 16 17:53:07 EST 2010

Jivin Paul Wouters lays it down ...
> On Thu, 16 Dec 2010, Harald Jenny wrote:
> [ bumping this to dev at openswan.org ]
> >>> 	D) Never enable OCF in user space for openswan,  has not affect as B
> >>> 	   above removes the need for it.
> >>
> >> I'll document this a little better in Makefile.inc. Perhaps we should have
> >> two options there, one for HAVE_OCF_USERLAND and one for HAVE_OCF_KERNEL ?
> >
> > Sounds like a very good idea - but must it even be made a compile time option
> > then for KLIPS? I guess it would rather call for two options like protostack,
> > namely cryptstack and hashstack, with values "built-in" (both crypto and hash,
> > default value and fallback), "ocf" (both crypto and hash) and "cryptoapi"
> > (currently only crypto). How about this?
> The big issue is that OCF requires us to link to openssl, and for instance
> Red Hat does not allow us to do that because of certification. So, yes we
> might be able to add an option, but it would be of limited value.
> >> Okay, and that's probably the most useful and easest to do. So a dkms without
> >> userland ocf pacakge. Then change the klips DKMS to require the ocf-dkms.
> >
> > Well I would rather call it an option, not a requirements - maybe there are
> > people out there who don't want to use OCF?
> David, can we have a module parameter for OCF? eg modprobe ipsec ocf={0,1} ?

What would the parameter do ?

If this is to enable/disable ocf,  then we have the problem of loading with
needing ocf to be loaded.

I don't think it's useful,  OCF support is a noop if you don't load and OCF

> >> Harald, let's focus on getting the ocf dkms package going? That's the big one
> >> for everyone right now.
> >
> > I can prepare a package for you but it won't be ready before next week, about
> > inclusion into standard Debian we will have to wait after Squeeze release.


David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org

More information about the Dev mailing list