
Re: The IPsec kernel problem



martin f krafft <madduck@debian.org> wrote:
> 
>  * If it's a feature, can it be disabled/enabled at runtime?
> 
>    Since we're making generic kernels, this is a must.  The presence
>    of the patch should not prevent me from doing something that I would
>    otherwise be able to do.
> 
> I cannot disable IPsec at runtime as I cannot replace the IP stack
> at runtime, and it modifies the IP stack. Moreover, you state the

The IPSEC stack does nothing unless you specify policies through
PFKEY or NETLINK.  In other words, it is disabled by default.

> reason why you should not put IPsec in the kernel right there: "The
> presence of the patch should not prevent me from doing something
> that I would otherwise be able to do." Well, it does.

It does not prevent you from doing anything with the *kernel image*
that you otherwise would be able to do.

Your argument fails even with the kernel source as the patch is easily
reversed.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


