Date: Fri, 10 May 2019 12:11:47 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Alexey Dokuchaev <danfe@freebsd.org>, Andrew Gallatin <gallatin@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r347410 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/i386/conf sys/powerpc/conf sys/riscv/conf sys/sparc64/conf Message-ID: <1a15a141-89b7-9169-e4cc-df585e92ada1@yandex.ru> In-Reply-To: <20190510084620.GA47901@FreeBSD.org> References: <201905092238.x49McFCO015665@repo.freebsd.org> <20190510084620.GA47901@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --6Eex5IEh3dSPj9RBDzoWbFqwXIwbrlWkz Content-Type: multipart/mixed; boundary="DGFuGz2PU0bGOc9mMeEHokl0PiCNhvJsi"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Alexey Dokuchaev <danfe@freebsd.org>, Andrew Gallatin <gallatin@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Message-ID: <1a15a141-89b7-9169-e4cc-df585e92ada1@yandex.ru> Subject: Re: svn commit: r347410 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/i386/conf sys/powerpc/conf sys/riscv/conf sys/sparc64/conf References: <201905092238.x49McFCO015665@repo.freebsd.org> <20190510084620.GA47901@FreeBSD.org> In-Reply-To: <20190510084620.GA47901@FreeBSD.org> --DGFuGz2PU0bGOc9mMeEHokl0PiCNhvJsi Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 10.05.2019 11:46, Alexey Dokuchaev wrote: > On Thu, May 09, 2019 at 10:38:15PM +0000, Andrew Gallatin wrote: >> Author: gallatin >> Date: Thu May 9 22:38:15 2019 >> New Revision: 347410 >> URL: https://svnweb.freebsd.org/changeset/base/347410 >> >> Log: >> Remove IPSEC from GENERIC due to performance issues >> =20 >> @@ -30,7 +30,6 @@ options PREEMPTION # Enable ... >> options VIMAGE # Subsystem virtualization, e.g. VNET >> options INET # InterNETworking >> options INET6 # IPv6 communications protocols >> -options IPSEC # IP (v4/v6) security >> options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 >=20 > I've asked this question some two years ago, but no one could answer it= > back then, so I'll try again. >=20 > What is the reason behind having IPSEC_SUPPORT option instead of no spe= cial > option at all? If I grep for SUPPORT in conf/GENERIC, I see things lik= e > INVARIANT_SUPPORT or IEEE80211_SUPPORT_MESH (with meaningful explanatio= ns) > but IPSEC_SUPPORT which, per the comment, "allows to kldload of ipsec a= nd > tcpmd5", is totally beyond me. Lots of kernel features are/can be load= ed > as modules, but we don't have things like SOUND_SUPPORT or USB_SUPPORT.= IPSEC_SUPPORT builds into the kernel PF_KEY domain protocol, that is required by IPsec implementation to interact with userlevel. Currently the kernel does not support unregistering of protocol domains. This is mostly why option IPSEC_SUPPORT was introduced. The second cause - reduce overhead that IPSEC produces even when it is not used. --=20 WBR, Andrey V. Elsukov --DGFuGz2PU0bGOc9mMeEHokl0PiCNhvJsi-- --6Eex5IEh3dSPj9RBDzoWbFqwXIwbrlWkz Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlzVQFMACgkQAcXqBBDI oXqSZQgAi2IYPbimzehJeAXBlrNEbkWvoYTVkz/rGV7mVFRJWmKm9nT/Jk5X5joA 6Noi4uDPY6IVMU8XL5fDHRVhQHfpGHpN2ehOXfxQlC4AjOje0R/02uZbt3MLI2Pg 1hbdd+601vA7qBsh3m6IweUp3LxwtjGk6O6mQ9qTgY3NwgFw8HOt6eIxR/xHJ6a1 jQAFYhH+vPrAuN6kntSbzeEpexoarVGyxZfLAtwANksTeZEneQUGR8HGJ+hKAh1V HKiAGinVMF5zU+oaZIvDFnje302zUaoJAcoLLIzsT3AknievtyZJ7x8F/KUXXTpP mW/dGjuzPk+OA1CW0EuXmx9cIv//1w== =ncWS -----END PGP SIGNATURE----- --6Eex5IEh3dSPj9RBDzoWbFqwXIwbrlWkz--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1a15a141-89b7-9169-e4cc-df585e92ada1>