[Openswan dev] openswan 2.6.24 and kernels > 2.6.31 mostly working
David McCullough
David_Mccullough at securecomputing.com
Sun Jan 3 16:50:23 EST 2010
Jivin Paul Wouters lays it down ...
> On Mon, 28 Dec 2009, Michael Richardson wrote:
>
> > I didn't entirely have any intention of supporting older kernels in the
> > work that I did.
> >
> > My opinion is that the time to maintain KLIPS that works on multiple
> > kernels is over: that there should be a patch set for each kernel
> > version, maintained (rebased) atop the 2.6.X.Y trees.
>
> A wide variety of kernels is still in use. While I can see we don't need
> to support every single kernel version, we still need to support very
> different kernels. Ranging from 2.6.18 (RHEL/centos) to 2.4 (embedded)
> to 2.6.32 (fedora). Similar versioning for other vendors applies.
I tend to agree. The approach I usually take is to use the newest APIs
then have as much a possible in the kversion.h to make it build and work on
older stuff.
> Gutting klips will certainly help somewhat in this task. Ideally, only
> crypto through cryptoapi should be supported.
I'd be happy if we just moved all the crypto out to it's own modules a
little like cryptoapi and ocf. We could still support the OSW crypto
that way if it has a purpose, but it would clear out a lot of messy
codef.
Cheers,
Davidm
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org
More information about the Dev
mailing list