[Openswan dev] openswan 2.6.24 and kernels > 2.6.31 mostly working

David McCullough David_Mccullough at securecomputing.com
Sun Jan 3 16:50:23 EST 2010


Jivin Paul Wouters lays it down ...
> On Mon, 28 Dec 2009, Michael Richardson wrote:
> 
> > I didn't entirely have any intention of supporting older kernels in the
> > work that I did.
> >
> > My opinion is that the time to maintain KLIPS that works on multiple
> > kernels is over: that there should be a patch set for each kernel
> > version, maintained (rebased) atop the 2.6.X.Y trees.
> 
> A wide variety of kernels is still in use. While I can see we don't need
> to support every single kernel version, we still need to support very
> different kernels. Ranging from 2.6.18 (RHEL/centos) to 2.4 (embedded)
> to 2.6.32 (fedora). Similar versioning for other vendors applies.

I tend to agree.   The approach I usually take is to use the newest APIs
then have as much a possible in the kversion.h to make it build and work on
older stuff.

> Gutting klips will certainly help somewhat in this task. Ideally, only
> crypto through cryptoapi should be supported.

I'd be happy if we just moved all the crypto out to it's own modules a
little like cryptoapi and ocf.  We could still support the OSW crypto
that way if it has a purpose,  but it would clear out a lot of messy
codef.

Cheers,
Davidm


-- 
David McCullough,  david_mccullough at securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.com                http://www.uCdot.org


More information about the Dev mailing list