From owner-freebsd-hackers@FreeBSD.ORG  Sat Oct 18 18:18:17 2008
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DEACB106568F
	for <freebsd-hackers@freebsd.org>; Sat, 18 Oct 2008 18:18:17 +0000 (UTC)
	(envelope-from max@love2party.net)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.171])
	by mx1.freebsd.org (Postfix) with ESMTP id 6DD748FC08
	for <freebsd-hackers@freebsd.org>; Sat, 18 Oct 2008 18:18:17 +0000 (UTC)
	(envelope-from max@love2party.net)
Received: from vampire.homelinux.org (dslb-088-066-023-129.pools.arcor-ip.net
	[88.66.23.129])
	by mrelayeu.kundenserver.de (node=mrelayeu5) with ESMTP (Nemesis)
	id 0ML25U-1KrGNT0mf8-00013v; Sat, 18 Oct 2008 20:18:15 +0200
Received: (qmail 68792 invoked from network); 18 Oct 2008 18:18:14 -0000
Received: from fbsd8.laiers.local (192.168.4.151)
	by laiers.local with SMTP; 18 Oct 2008 18:18:14 -0000
From: Max Laier <max@love2party.net>
Organization: FreeBSD
To: freebsd-net@freebsd.org
Date: Sat, 18 Oct 2008 20:18:13 +0200
User-Agent: KMail/1.10.1 (FreeBSD/8.0-CURRENT; KDE/4.1.1; i386; ; )
References: <200810181655.m9IGtxWk089117@freefall.freebsd.org>
	<48FA1756.1080708@freebsd.org>
In-Reply-To: <48FA1756.1080708@freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200810182018.13757.max@love2party.net>
X-Provags-ID: V01U2FsdGVkX1+CZ06YiM+EzKx8kSzH/8V/X6n1FeVuV1jpqww
	8VjgDyMilU3enY/v3cWUued6/HAF4cNYevYZe9CZte1GRXTPdC
	er8WdJC+2l0LzcjCWDw9A==
Cc: freebsd-hackers@freebsd.org
Subject: Re: conf/128030: [request] Isn't it time to enable IPsec in GENERIC?
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Oct 2008 18:18:17 -0000

On Saturday 18 October 2008 19:05:26 Sam Leffler wrote:
> gavin@freebsd.org wrote:
> > Synopsis: [request] Isn't it time to enable IPsec in GENERIC?
> >
> > Responsible-Changed-From-To: freebsd-bugs->freebsd-net
> > Responsible-Changed-By: gavin
> > Responsible-Changed-When: Sat Oct 18 16:55:14 UTC 2008
> > Responsible-Changed-Why:
> > Over to maintainer(s) for consideration
> >
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=128030
>
> Last I checked IPSEC added noticeable overhead.  Before anyone does this
> you need to measure the cost of having it enabled but not used.

It should be possible to turn IPSEC into a module - maybe only loadable on 
boot to avoid locking issues.  This would reduce the overhead to a handful of 
function pointer checks that should not impact performance (thanks to modern 
branch prediction and cache sizes).  This would have to be measured as well, 
of course.  Maybe this should go to the project page?  It's a good junior 
kernel hacker project, I believe.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News