From owner-freebsd-stable@FreeBSD.ORG  Tue Feb 14 11:38:16 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BFC8B106564A
	for <freebsd-stable@freebsd.org>; Tue, 14 Feb 2012 11:38:16 +0000 (UTC)
	(envelope-from alexander@leidinger.net)
Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de
	[217.11.53.44]) by mx1.freebsd.org (Postfix) with ESMTP id 222FD8FC12
	for <freebsd-stable@freebsd.org>; Tue, 14 Feb 2012 11:38:16 +0000 (UTC)
Received: from outgoing.leidinger.net (p4FC4218C.dip.t-dialin.net
	[79.196.33.140])
	by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id 5A4C18448CE
	for <freebsd-stable@freebsd.org>; Tue, 14 Feb 2012 12:38:00 +0100 (CET)
Received: from webmail.leidinger.net (webmail.Leidinger.net
	[IPv6:fd73:10c7:2053:1::3:102])
	by outgoing.leidinger.net (Postfix) with ESMTPS id 8EAA02FF4
	for <freebsd-stable@freebsd.org>; Tue, 14 Feb 2012 12:37:57 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=leidinger.net;
	s=outgoing-alex; t=1329219477;
	bh=fQD5VNqaNNaKwsca5gAKltex1tdGrFqt9pW4OBP1IGU=;
	h=Date:Message-ID:From:To:Subject:References:In-Reply-To:
	Content-Type:MIME-Version;
	b=pvYkISj4ss6y3w1kWpxEnSkVT5wPBKNbWAGqBZdTJolaDc6Fue+kGH6fzpfNZP3uC
	2Z/BvIPPILJ/imaUWocATpJRgMJiUsdnKeJkfTSwIrCa8n0gkuhWFlxAXu6hTiE1nR
	sgSat2zwdMD0V2U5hNr3MWJgN62ByTVcpRHMFCJ8Tu/6/NMdH7j6t0nBtfavYFBwZQ
	lUHYaP89yjJ5aFl8E+z/o9TEHALifEgy5a5Da+LRDwwh1iSc2QZ+gdF2abyN6YEOOq
	nsMgaJgz+GMAioHZijFnaDnZ8fCxg3GZ0GS9GeXh7NrvKNcvejvAg6BZSUVgW/WNd8
	seH72MeJUIfKQ==
Received: (from www@localhost)
	by webmail.leidinger.net (8.14.5/8.14.4/Submit) id q1EBbv3A019535
	for freebsd-stable@freebsd.org; Tue, 14 Feb 2012 12:37:57 +0100 (CET)
	(envelope-from Alexander@Leidinger.net)
X-Authentication-Warning: webmail.leidinger.net: www set sender to
	Alexander@Leidinger.net using -f
Received: from 85.94.224.19 ([85.94.224.19]) by webmail.leidinger.net (Horde
	Framework) with HTTP; Tue, 14 Feb 2012 12:37:57 +0100
Date: Tue, 14 Feb 2012 12:37:55 +0100
Message-ID: <20120214123755.Horde.WkLNcJjmRSRPOkeTw7bUClA@webmail.leidinger.net>
From: Alexander Leidinger <Alexander@Leidinger.net>
To: freebsd-stable@freebsd.org
References: <20120210145604.Horde.ewjpSpjmRSRPNSH0YRHxgAk@webmail.leidinger.net>
In-Reply-To: <20120210145604.Horde.ewjpSpjmRSRPNSH0YRHxgAk@webmail.leidinger.net>
User-Agent: Internet Messaging Program (IMP) H4 (5.0.18)
Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes
MIME-Version: 1.0
Content-Disposition: inline
X-EBL-MailScanner-Information: Please contact the ISP for more information
X-EBL-MailScanner-ID: 5A4C18448CE.A27DD
X-EBL-MailScanner: Found to be clean
X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN,
	SpamAssassin (not cached, score=-0.456, required 6,
	autolearn=disabled, AWL -1.02, DKIM_SIGNED 0.10, DKIM_VALID -0.10,
	DKIM_VALID_AU -0.10, J_CHICKENPOX_42 0.60, TW_PF 0.08,
	T_RP_MATCHES_RCVD -0.01)
X-EBL-MailScanner-From: alexander@leidinger.net
X-EBL-MailScanner-Watermark: 1329824282.15957@YOEvr+9CaW5CFEaeQe4+gg
X-EBL-Spam-Status: No
Subject: Custom kernel poll summary (was: Re: Reducing the need to compile a
 custom kernel)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2012 11:38:16 -0000

Quoting Alexander Leidinger <Alexander@Leidinger.net> (from Fri, 10  
Feb 2012 14:56:04 +0100):

> Such a kernel would cover situations where people compile their own  
> kernel because they want to get rid of some unused kernel code (and  
> maybe even need the memory this frees up).
>
> The question is, is this enough? Or asked differently, why are you  
> compiling a custom kernel in a production environment (so I rule out  
> debug options zhich are not enabled in GENERIC)? Are there options  
> which you add which you can not add as a module (SW_WATCHDOG comes  
> to my mind)? If yes, which ones and how important are they for you?

Here is what I got, the first column is the number of requests, the  
second what is requested, and the 3rd my comments (basically it means,  
if there is a comment, it is not needed/possible to include in a  
modular kernel):
---snip---
5 IPSEC
4 ALTQ
2 VIMAGE                        -> not production ready (bz)
2 SW_WATCHDOG
2 IPSEC_FILTERTUNNEL            -> obsolete according to bz
2 IPFIREWALL_DEFAULT_TO_ACCEPT  -> loader.conf:  
net.inet.ip.fw.default_to_accept
2 IPFIREWALL                    -> loader.conf: ipfw_load='YES'
2 HZ=1000                       -> loader.conf: kern.hz
2 DEVICE_POLLING                -> ifconfig in 9.0 handles this at runtime?
1 enc
1 ZERO_COPY_SOCKETS             -> has known problems? can't find the  
reference,
                                    but I removed it from my kernels
1 SC_* options                  -> not a generic setting, will not include
1 ROUTETABLES=n                 -> bz is working on this
1 QUOTA
1 PF                            -> loader.conf: pf_load='YES'
1 MROUTING                      -> loader.conf: ip_mroute='YES'?
1 KTR                           -> rare use case, kernel recompile is OK
1 KDTRACE_HOOKS                 -> legal review needed
1 KDB_UNATTENDED                -> re@ wants this, but has reservations
1 KDB_TRACE                     -> re@ wants this, but has reservations
1 KDB                           -> re@ wants this, but has reservations
1 IPSTEALTH
1 IPSEC_NAT_T
1 IPFIREWALL_VERBOSE_LIMIT=5
1 IPFIREWALL_VERBOSE
1 IPFIREWALL_FORWARD            -> performance impact too big if  
unused (julian)
1 IPFILTER                      -> 2/3 firewalls can be loaded... and this one
                                    is not really maintained anymore
1 IPDIVERT                      -> loader.conf: ipdivert_load='YES'
1 GDB
1 FLOWTABLE
1 DUMMYNET                      -> loader.conf: dummynet_load='YES'
1 DIRECTIO
1 DDB_NUMSYM
1 DDB
1 BREAK_TO_DEBUGGER             -> loader.conf: debug.kdb.break_to_debugger
1 BPF_JITTER
1 ALT_BREAK_TO_DEBUGGER         -> loader.conf:  
debug.kdb.alt_break_to_debugger
---snip---

Yes, this poll is not representative...

So... what's the impact of including the following options into a  
kernel which is intended to be modular, respectively are there reasons  
to _not_ include one of the following?
---snip---
5 IPSEC                          -> we do not have a separate cryto
                                     dist, so it should be possible
                                     to include in a kernel now...
                                     legal advise needed
4 ALTQ*                          -> does add code to the pf module
                                     other impact?
2 SW_WATCHDOG                    -> should not hurt if not enabled
                                     in rc.conf
1 enc                            -> together with IPSEC
1 IPSTEALTH                      -> changes ipfw module only?
1 IPSEC_NAT_T
1 IPFIREWALL_VERBOSE_LIMIT=5     -> changes ipfw module only?
                                     loader tunable?
1 IPFIREWALL_VERBOSE             -> changes ipfw module only?
                                     loader tunable?
1 FLOWTABLE
1 DIRECTIO
1 BPF_JITTER
---snip---

Bye,
Alexander.

-- 
Q:	What is purple and concord the world?
A:	Alexander the Grape.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137