Date: Fri, 10 May 2019 08:46:20 +0000 From: Alexey Dokuchaev <danfe@freebsd.org> To: Andrew Gallatin <gallatin@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r347410 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/i386/conf sys/powerpc/conf sys/riscv/conf sys/sparc64/conf Message-ID: <20190510084620.GA47901@FreeBSD.org> In-Reply-To: <201905092238.x49McFCO015665@repo.freebsd.org> References: <201905092238.x49McFCO015665@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 09, 2019 at 10:38:15PM +0000, Andrew Gallatin wrote: > Author: gallatin > Date: Thu May 9 22:38:15 2019 > New Revision: 347410 > URL: https://svnweb.freebsd.org/changeset/base/347410 > > Log: > Remove IPSEC from GENERIC due to performance issues > > @@ -30,7 +30,6 @@ options PREEMPTION # Enable ... > options VIMAGE # Subsystem virtualization, e.g. VNET > options INET # InterNETworking > options INET6 # IPv6 communications protocols > -options IPSEC # IP (v4/v6) security > options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 I've asked this question some two years ago, but no one could answer it back then, so I'll try again. What is the reason behind having IPSEC_SUPPORT option instead of no special option at all? If I grep for SUPPORT in conf/GENERIC, I see things like INVARIANT_SUPPORT or IEEE80211_SUPPORT_MESH (with meaningful explanations) but IPSEC_SUPPORT which, per the comment, "allows to kldload of ipsec and tcpmd5", is totally beyond me. Lots of kernel features are/can be loaded as modules, but we don't have things like SOUND_SUPPORT or USB_SUPPORT. ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190510084620.GA47901>