Date: Fri, 10 May 2019 18:39:39 +0000 From: Alexey Dokuchaev <danfe@freebsd.org> To: "Andrey V. Elsukov" <bu7cher@yandex.ru> Cc: Andrew Gallatin <gallatin@freebsd.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r347410 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/i386/conf sys/powerpc/conf sys/riscv/conf sys/sparc64/conf Message-ID: <20190510183939.GA75776@FreeBSD.org> In-Reply-To: <1a15a141-89b7-9169-e4cc-df585e92ada1@yandex.ru> References: <201905092238.x49McFCO015665@repo.freebsd.org> <20190510084620.GA47901@FreeBSD.org> <1a15a141-89b7-9169-e4cc-df585e92ada1@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, May 10, 2019 at 12:11:47PM +0300, Andrey V. Elsukov wrote: > On 10.05.2019 11:46, Alexey Dokuchaev wrote: > > ... > > What is the reason behind having IPSEC_SUPPORT option instead of no > > special option at all? > > IPSEC_SUPPORT builds into the kernel PF_KEY domain protocol, that is > required by IPsec implementation to interact with userlevel. Currently > the kernel does not support unregistering of protocol domains. This is > mostly why option IPSEC_SUPPORT was introduced. Okay, I see, thank you Andrey for explanation. > The second cause -- reduce overhead that IPSEC produces even when it > is not used. So does it mean that if I don't plan to use IPSEC, I can safely remove IPSEC_SUPPORT from my config and also get slight performance boost? ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190510183939.GA75776>