From owner-svn-src-projects@freebsd.org  Fri Dec 23 13:01:38 2016
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D27B9C8D555
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Fri, 23 Dec 2016 13:01:38 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from butcher-nb.yandex.net (freefall.freebsd.org
 [IPv6:2610:1c1:1:6074::16:84])
 by mx1.freebsd.org (Postfix) with ESMTP id EC6A61904;
 Fri, 23 Dec 2016 13:01:37 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Subject: Re: svn commit: r310475 - projects/ipsec/sys/conf
To: Konstantin Belousov <kostikbel@gmail.com>
References: <201612231211.uBNCBuLO019883@repo.freebsd.org>
 <20161223124839.GX94325@kib.kiev.ua>
Cc: src-committers@freebsd.org, svn-src-projects@freebsd.org
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Message-ID: <c7be0d8a-8133-0def-b0e9-1b544f2a4e40@FreeBSD.org>
Date: Fri, 23 Dec 2016 16:01:07 +0300
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101
 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <20161223124839.GX94325@kib.kiev.ua>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Dec 2016 13:01:38 -0000

On 23.12.2016 15:48, Konstantin Belousov wrote:
> On Fri, Dec 23, 2016 at 12:11:56PM +0000, Andrey V. Elsukov wrote:
>> Author: ae
>> Date: Fri Dec 23 12:11:56 2016
>> New Revision: 310475
>> URL: https://svnweb.freebsd.org/changeset/base/310475
>>
>> Log:
>>   Unconditionally build machine depended crypto(4) code when
>>   IPSEC_SUPPORT is enabled.
>
> Why ?  If ipsec is a module, why crypto cannot be a module as well ?

Hi,

Currently PF_KEY code can not be a module and it depends from crypto.
This imposes such restriction. The only benefit from having 'options 
IPSEC_SUPPORT' instead of 'options IPSEC' is reduced overhead for 
traffic flows that IPsec checking does.
But if we add ability to unload network domain(9), it will be possible 
to make PF_KEY as module too. Then this restriction could be deleted.

-- 
WBR, Andrey V. Elsukov