[Openswan dev] ocf debian

Harald Jenny harald at a-little-linux-box.at
Sun Dec 19 16:02:07 EST 2010 

On Sat, Dec 18, 2010 at 01:48:32PM +1000, David McCullough wrote:
> 
> Jivin Harald Jenny lays it down ...
> ...
> > > > > Well I would rather call it an option, not a requirements - maybe there are
> > > > > people out there who don't want to use OCF?
> > > > 
> > > > David, can we have a module parameter for OCF? eg modprobe ipsec ocf={0,1} ?
> > > 
> > > What would the parameter do ?
> > 
> > I guess enable or disable use of OCF ;-) ?
> 
> But you can do that by not loading any OCF drivers.

Ok but then KLIPS may not be compiled with OCF support...

> 
> > > If this is to enable/disable ocf,  then we have the problem of loading with
> > > needing ocf to be loaded.
> > 
> > You mean when compiled with OCF we must load something?
> 
> If klips has OCF support included,  then the OCF driver must be loaded.

See above - this would mean there would have to be different packages for OCF
and non-OCF KLIPS.

> There are a couple of ways around this.
> 
> 1) use OCF like a DLL,  load it then ask for entry points.

Maybe the best of all bad choices here?

> 
> 2) make a klips-ocf modules that loads and registers with klips to do OCF
>    processing.  We could do the same for cryptoapi and the internal cryhpto
>    then.

This would not be acceptable to Paul I guess.

> 
> > > I don't think it's useful,  OCF support is a noop if you don't load and OCF
> > > drivers.
> > 
> > It would be bypassed completely?
> 
> 
> If OCF has no drivers loaded,  it does nothing.

This means when I have the OCF modules compiled and installed and I do not want
to use them but just internal or cryptoapi directly then I must currently
rewrite the KLIPS startup script... this is not userfriendly.

> 
> > > > >> Harald, let's focus on getting the ocf dkms package going? That's the big one
> > > > >> for everyone right now.
> > > > >
> > > > > I can prepare a package for you but it won't be ready before next week, about
> > > > > inclusion into standard Debian we will have to wait after Squeeze release.
> 
> 
> Cheers,
> Davidm

Kind regards
Harald

> 
> -- 
> David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
> McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org

More information about the Dev mailing list