[prev in list] [next in list] [prev in thread] [next in thread] 

List:       libreswan-dev
Subject:    Re: [Swan-dev] skipping init_pfkey()
From:       Andrew Cagney <andrew.cagney () gmail ! com>
Date:       2018-07-20 16:50:24
Message-ID: CAJeAr6v9hMfzpQFG5j07R0wQYVF4_ZLPoGmFzViLndSG3FpTRg () mail ! gmail ! com
[Download RAW message or body]

On Thu, 19 Jul 2018 at 09:38, Paul Wouters <paul@nohats.ca> wrote:
>
>
> Note that calling the kernel functions for registration might do
> something inside the kernel. Since we are modprobing most things
> now, we are likely not using it now. But soon when there is an
> XFRM version to replace the PF_KEY function in the kernel, that
> function will actually initialise (and/or load kernel module)
> when initialising. So we might have to re-instate something
> again soon.

Yea. NETLINK_XFRM fixing this would be nice.  The hooks are all still there.

I suspect this all works because 'ipsec start' forces all the required
kernel modules to be loaded before starting pluto (true?).  Even with
this change applied west.console.verbose.txt contains logs from what
look like kernel modules being loaded:

# ipsec start
[   63.953008] sha512_ssse3: Neither AVX nor SSSE3 is available/usable.
[   63.959133] sha256_ssse3: Neither AVX nor SSSE3 is available/usable.
[   63.981318] AVX instructions are not detected.

and this is well before the point where pluto probes the kernel for
supported algorithms (that happens during the connection).

Andrew


> Paul
>
> ---------- Forwarded message ----------
> Date: Thu, 19 Jul 2018 08:30:49
> From: Andrew Cagney <cagney@vault.libreswan.fi>
> To: swan-commit@lists.libreswan.org
> Subject: [Swan-commit] Changes to ref refs/heads/master
>
> New commits:
> commit b248daa3564a55c216632d928d9028f56e478158
> Author: Andrew Cagney <cagney@gnu.org>
> Date:   Wed Jul 18 22:44:28 2018 -0400
>
>      xfrm: don't call init_pfkey() during initialization
>
>      No need since algorithms are all hardwired.
>
>      Leave the comment: PF_KEY API in Linux with netkey is a joke that
>      should be abandoned ...
>
> _______________________________________________
> Swan-commit mailing list
> Swan-commit@lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-commit
> _______________________________________________
> Swan-dev mailing list
> Swan-dev@lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic