Welcome! Log In Create A New Profile

Advanced

Wishlist: Kernel with XFRM (transform interfaces support?)

Posted by 4920441 
Forum List Message List New Topic
4920441
Wishlist: Kernel with XFRM (transform interfaces support?)
December 18, 2020 12:39PM
Hi,

I just installed thelatest kernel from you on my Zyxel NSA325v2

Linux zyxxy2 5.9.12-kirkwood-tld-1 #1.0 PREEMPT Sat Dec 5 14:05:39 PST 2020 armv5tel GNU/Linux

but I reconed that XFRM interfaces aren't compiled in the kernel :-( (see screenshot, which I have now marked as module) 



root@zyxxy2:/usr/src# ip link add xfrm3 type xfrm dev eth0 if_id 0x123 
Error: Unknown device type.
root@zyxxy2:/usr/src# uname -a
Linux zyxxy2 5.9.12-kirkwood-tld-1 #1.0 PREEMPT Sat Dec 5 14:05:39 PST 2020 armv5tel GNU/Linux
root@zyxxy2:/usr/src#

Would it break something else if you enable this in your kernel config?
xtrm Interfaces are used for strongswan as tunnel interfaces, which make lots of thing much easier than vti interfaces - since the marvell cpu has a build in crypto-engine, that option should make a lot of sense, I think:-)

Cheers

4920441



Edited 1 time(s). Last edit at 12/18/2020 01:01PM by 4920441.
Reply Quote
Attachments:
open | download - xfrm.png (35.7 KB)
bodhi
Re: Wishlist: Kernel with XFRM (transform interfaces support?)
December 19, 2020 12:35AM
Let me take a look and let you know.

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)
Reply Quote
4920441
Re: Wishlist: Kernel with XFRM (transform interfaces support?)
December 19, 2020 08:33AM
Hi,

thanks for takin a look. I just compile my own kernel right now (latest stable)... but being 'lazy' I did not want to set up a crosscompiling environment and thought, that would be a nice burn in test for the newly flashed NSA325 as well........

Okay.... I thought the days where I have to wait a whole day for a compiling a kernel where long over:-) No, they are back:-)

Remember me setting up a crosscompiler next time;-)

Cheers,

4920441
Reply Quote
bodhi
Re: Wishlist: Kernel with XFRM (transform interfaces support?)
December 19, 2020 04:46PM
4920441,

I will add XFRM_INTERFACE as loadable module in the next kernel release.


> Okay.... I thought the days where I have to wait a
> whole day for a compiling a kernel where long
> over:-) No, they are back:-)

Yeah :) it takes about 6 hours to compile the kernel on this NSA325v2 alone.

I do build the Kirkwood kernel natively, but using distcc to distribute the works to many other boxes (4 to 10 nodes) in my build farm.

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)
Reply Quote
4920441
Re: Wishlist: Kernel with XFRM (transform interfaces support?)
December 20, 2020 08:16AM
BTW: after compiling and generating the debian packages with user configurable xfrm devices, it works like a charm:-)

Don't know for shure if the hardware encryption is used, but since "irq/29-f1030000" makes the most load, I think so: 

[74603.467463] alg: No test for echainiv(authenc(hmac(sha256),cbc(aes))) (echainiv(authenc(hmac(sha256-generic),mv-cbc-aes)))
[74991.523806] alg: No test for seqiv(rfc4106(gcm(aes))) (seqiv(rfc4106(gcm_base(ctr(aes-generic),ghash-generic))))


No negative sideeffects so far:-)

Cheers

4920441
Reply Quote
bodhi
Re: Wishlist: Kernel with XFRM (transform interfaces support?)
December 20, 2020 03:28PM
> No negative sideeffects so far:-)

Cool!

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)
Reply Quote
Newer Topic Older Topic
Author:

Your Email:


Subject:
Spam prevention:
Please, enter the code that you see below in the input field. This is for blocking bots that try to post this form automatically. If the code is hard to read, then just try to guess it right. If you enter the wrong code, a new image is created and you get another chance to enter it right.
Message: