From owner-svn-src-head@freebsd.org Fri May 10 12:45:12 2019 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7476A15A249B; Fri, 10 May 2019 12:45:12 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0B8156FD58; Fri, 10 May 2019 12:45:12 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1hP4tW-0009TH-5N; Fri, 10 May 2019 15:44:58 +0300 Date: Fri, 10 May 2019 15:44:58 +0300 From: Slawa Olhovchenkov To: Andrew Gallatin Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r347410 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/i386/conf sys/powerpc/conf sys/riscv/conf sys/sparc64/conf Message-ID: <20190510124458.GB65054@zxy.spb.ru> References: <201905092238.x49McFCO015665@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201905092238.x49McFCO015665@repo.freebsd.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-Rspamd-Queue-Id: 0B8156FD58 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.94 / 15.00]; NEURAL_HAM_MEDIUM(-0.99)[-0.993,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.95)[-0.947,0] X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 May 2019 12:45:12 -0000 On Thu, May 09, 2019 at 10:38:15PM +0000, Andrew Gallatin wrote: > Author: gallatin > Date: Thu May 9 22:38:15 2019 > New Revision: 347410 > URL: https://svnweb.freebsd.org/changeset/base/347410 > > Log: > Remove IPSEC from GENERIC due to performance issues > > Having IPSEC compiled into the kernel imposes a non-trivial > performance penalty on multi-threaded workloads due to IPSEC > refcounting. In my benchmarks of multi-threaded UDP > transmit (connected sockets), I've seen a roughly 20% performance > penalty when the IPSEC option is included in the kernel (16.8Mpps > vs 13.8Mpps with 32 senders on a 14 core / 28 HTT Xeon > 2697v3)). This is largely due to key_addref() incrementing and > decrementing an atomic reference count on the default > policy. This cause all CPUs to stall on the same cacheline, as it > bounces between different CPUs. > > Given that relatively few users use ipsec, and that it can be > loaded as a module, it seems reasonable to ask those users to > load the ipsec module so as to avoid imposing this penalty on the > GENERIC kernel. Its my hope that this will make FreeBSD look > better in "out of the box" benchmark comparisons with other > operating systems. > > Many thanks to ae for fixing auto-loading of ipsec.ko when > ifconfig tries to configure ipsec, and to cy for volunteering > to ensure the the racoon ports will load the ipsec.ko module > > Reviewed by: cem, cy, delphij, gnn, jhb, jpaetzel > Differential Revision: https://reviews.freebsd.org/D20163 pf have ifdef for IPSEC, but don't have support IPSEC_SUPPORT (netpfil/pf/if_pfsync.c).