[Swan-dev] skipping init_pfkey()

Andrew Cagney andrew.cagney at gmail.com
Fri Jul 20 16:50:24 UTC 2018


On Thu, 19 Jul 2018 at 09:38, Paul Wouters <paul at nohats.ca> wrote:
>
>
> Note that calling the kernel functions for registration might do
> something inside the kernel. Since we are modprobing most things
> now, we are likely not using it now. But soon when there is an
> XFRM version to replace the PF_KEY function in the kernel, that
> function will actually initialise (and/or load kernel module)
> when initialising. So we might have to re-instate something
> again soon.

Yea. NETLINK_XFRM fixing this would be nice.  The hooks are all still there.

I suspect this all works because 'ipsec start' forces all the required
kernel modules to be loaded before starting pluto (true?).  Even with
this change applied, west.console.verbose.txt contains logs from what
look like kernel modules being loaded:

# ipsec start
[   63.953008] sha512_ssse3: Neither AVX nor SSSE3 is available/usable.
[   63.959133] sha256_ssse3: Neither AVX nor SSSE3 is available/usable.
[   63.981318] AVX instructions are not detected.

and this is well before the point where pluto probes the kernel for
supported algorithms (that happens during the connection).

Andrew


> Paul
>
> ---------- Forwarded message ----------
> Date: Thu, 19 Jul 2018 08:30:49
> From: Andrew Cagney <cagney at vault.libreswan.fi>
> To: swan-commit at lists.libreswan.org
> Subject: [Swan-commit] Changes to ref refs/heads/master
>
> New commits:
> commit b248daa3564a55c216632d928d9028f56e478158
> Author: Andrew Cagney <cagney at gnu.org>
> Date:   Wed Jul 18 22:44:28 2018 -0400
>
>      xfrm: don't call init_pfkey() during initialization
>
>      No need since algorithms are all hardwired.
>
>      Leave the comment: PF_KEY API in Linux with netkey is a joke that
>      should be abandoned ...
>