Date: Fri, 30 Jan 2009 20:20:05 GMT From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: freebsd-net@FreeBSD.org Subject: Re: conf/128030: [request] Isn't it time to enable IPsec in GENERIC? Message-ID: <200901302020.n0UKK5Qa042215@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR conf/128030; it has been noted by GNATS. From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: bug-followup@FreeBSD.org, lionel.fourquaux+fbsdbug@normalesup.org Cc: Subject: Re: conf/128030: [request] Isn't it time to enable IPsec in GENERIC? Date: Fri, 30 Jan 2009 20:10:45 +0000 (UTC) Hi, the problem here is that enabling IPsec adds overhead to the entire IPv4/v6 network stack handling. A lot of people are currently working on performnce optimizations for all kinds of different setups. All those would be hurt if IPSEC would be on by default and they wouldn't need it. That's all kinds of various ISP server business for example. If we want to enable IPSEC by default on GENERIC the criteria to fix is "it must not measurably add up to processing times/reduce pps/.." if the connections do not use it. /bz -- Bjoern A. Zeeb The greatest risk is not taking one.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901302020.n0UKK5Qa042215>