IPSEC hasn’t been maintained in basically forever in DragonFly, so it’s been removed. It was only still mentioned in the VKERNEL configs, so if you have a custom VKERNEL config file, remove any mention of IPSEC, IPSEC_ESP, or IPSEC_DEBUG. Otherwise, nothing to worry about.
16 Replies to “IPSEC out in DragonFly”
FreeBSD uses FAST_IPSEC, yet it doesn’t build on DragonflyBSD
https://www.freebsd.org/cgi/man.cgi?query=fast_ipsec&sektion=4&manpath=FreeBSD+4.8-RELEASE
You realize you are pointing at a code break over a decade old, correct?
What is the currently recommended VPN solution for Dragonfly?
I thiiiink Matt is using OpenVPN with good results right now to connect two sites. My information may be out of date.
OpenVPN works fine.
I’m using it with a mix of DragonFly and Debian systems and even run a remote Elasticsearch node through an OpenVPN tunnel for what it is worth.
Makes me wonder how much other dead code exists in Dragonfly.
Linux just purged a bunch of code.
https://news.ycombinator.com/item?id=16847589
First Linux kernel release where they removed more code than they added.
+1 for dragonfly to do a code audit and remove all unused code
Kk – I think there’s posts on the Digest historically where I’ve pointed at massive removals/streamlined code. Searching for it should turn up several.
DragonFly is always removing older/deprecated code. It is definitely a feature.
As for purging dead code, isn’t the source in Git, which would allow anyone to clone the repo and create pull requests? They may not get accepted, but I think that would be one way for folks to help purge dead code.
Dragonfly is one of the smallest lines of code (LOC) BSD out there. Which implies active code pruning.
https://www.dragonflydigest.com/2018/02/18/20854.html#comment-487199
LOC:
– DBSD, 2.8m
– OpenBSD, 2.8m
– NetBSD, 7.3m
– FreeBSD, 9m
The only thing that is odd is that OpenBSD supports way more architectures yet is the same LOC as Dragonfly
And Linux kernel, yes just kernel, is 20m LOC.
https://www.linuxcounter.net/statistics/kernel
@Tim
Based on your numbers, OpenBSD and Dragonfly look quite impressive.
OpenBSD is quite aggressive with removing stuff that’s not maintained. They ripped out the entire Bluetooth stack, and as everyone knows they also forked OpenSSL and removed all the old crap (support for MS-DOS, etc.)
They even came up with their own verb for that process: tedu (named after OpenBSD committer Ted Unangst a.k.a. tedu).
So you see many commits with a comment like this one:
https://github.com/jyin0813/OpenBSD-src/commit/7a564f2764b903a744ee25715eded42615072bff
@Anon
That’s awesome they are that aggressive about removing the old and unmaintained.
Would you consider OpenBSD the “most aggressive” at doing this out of all of the BSDs?
DragonFly is probably as aggressive, although for different reasons. In OpenBSD they remove stuff that is not maintained because it’s a way to remove bugs, including security bugs; in DragonFly I think it’s more because it stands in the way of re-designing and improving the kernel.
They have different priorities. While no one was maintaining IPsec in DragonFly, it’s well-maintained in OpenBSD (which was in fact the first open source OS to have an IPsec stack).