From owner-svn-src-all@freebsd.org Fri May 10 08:46:21 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 67D08159C262; Fri, 10 May 2019 08:46:21 +0000 (UTC) (envelope-from danfe@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 008E696122; Fri, 10 May 2019 08:46:21 +0000 (UTC) (envelope-from danfe@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1033) id CCC7D637; Fri, 10 May 2019 08:46:20 +0000 (UTC) Date: Fri, 10 May 2019 08:46:20 +0000 From: Alexey Dokuchaev To: Andrew Gallatin Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r347410 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/i386/conf sys/powerpc/conf sys/riscv/conf sys/sparc64/conf Message-ID: <20190510084620.GA47901@FreeBSD.org> References: <201905092238.x49McFCO015665@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201905092238.x49McFCO015665@repo.freebsd.org> User-Agent: Mutt/1.11.4 (2019-03-13) X-Rspamd-Queue-Id: 008E696122 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.89 / 15.00]; NEURAL_HAM_MEDIUM(-0.98)[-0.983,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.91)[-0.909,0] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 May 2019 08:46:21 -0000 On Thu, May 09, 2019 at 10:38:15PM +0000, Andrew Gallatin wrote: > Author: gallatin > Date: Thu May 9 22:38:15 2019 > New Revision: 347410 > URL: https://svnweb.freebsd.org/changeset/base/347410 > > Log: > Remove IPSEC from GENERIC due to performance issues > > @@ -30,7 +30,6 @@ options PREEMPTION # Enable ... > options VIMAGE # Subsystem virtualization, e.g. VNET > options INET # InterNETworking > options INET6 # IPv6 communications protocols > -options IPSEC # IP (v4/v6) security > options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 I've asked this question some two years ago, but no one could answer it back then, so I'll try again. What is the reason behind having IPSEC_SUPPORT option instead of no special option at all? If I grep for SUPPORT in conf/GENERIC, I see things like INVARIANT_SUPPORT or IEEE80211_SUPPORT_MESH (with meaningful explanations) but IPSEC_SUPPORT which, per the comment, "allows to kldload of ipsec and tcpmd5", is totally beyond me. Lots of kernel features are/can be loaded as modules, but we don't have things like SOUND_SUPPORT or USB_SUPPORT. ./danfe