From: Shoichi Sakane
To: tlambert2@mindspring.com
Cc: hackers@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: IPSEC sucking up memory
In-Reply-To: Your message of "Sat, 06 Oct 2001 01:46:47 -0700" <3BBEC4F7.D15FF792@mindspring.com>
References: <3BBEC4F7.D15FF792@mindspring.com>
Message-Id: <20011023130449I.sakane@kame.net>
Date: Tue, 23 Oct 2001 13:04:49 +0900

> While investigating a problem, I noticed that the IPSEC code
> is initializing the sp -- even when no one is using IPSEC.
> It turns out that this really, really bloats the per socket
> memory requirements, with the only real result being a lot
> of extra processing that could be replaced by a pointer is
> not NULL check.

> It seems to me that this could be handled in the TCP, UDP,
> and IP userreq code by only initializing the thing in the
> case that a policy has been set. Is there some reason why
> this can't be done?

The IPsec specification requires consulting the SPD for all packets
in order to handle each packet. It is defined in RFC2401.
If a pointer to the entry of the SPD is NULL, it means the security
policy is not defined, so the kernel consults the system-wide default.
It never means there is nothing to do.
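The lookup rule described in the reply, as an added example that is not part of the original mail and is not KAME or FreeBSD code: a per-socket policy pointer may stay NULL until a policy is set, but a NULL pointer has to fall through to the system-wide default rather than skip IPsec. All type, function and variable names below are hypothetical, and the socket table is constructed sample data.

```c
/* Simplified model, not KAME/FreeBSD code: all names here are hypothetical. */
#include <stddef.h>
#include <stdio.h>

enum action { ACT_BYPASS, ACT_DISCARD, ACT_APPLY_IPSEC };
struct policy { enum action act; };

/* Per-socket state: the policy pointer stays NULL until a policy is set. */
struct sock_model { struct policy *sp; };

/* System-wide default from the SPD; an administrator may require IPsec. */
static struct policy system_default = { ACT_BYPASS };

/* Wrong reading of NULL: "no per-socket policy" treated as "no IPsec". */
static enum action decide_null_means_skip(const struct sock_model *so)
{
    if (so->sp == NULL)
        return ACT_BYPASS;          /* silently ignores the system default */
    return so->sp->act;
}

/* Reading described in the reply: NULL falls through to the default. */
static enum action decide_null_means_default(const struct sock_model *so)
{
    const struct policy *p = so->sp != NULL ? so->sp : &system_default;
    return p->act;
}

/* Count sockets whose traffic would leave unprotected under a decision fn. */
static int count_bypassed(const struct sock_model *socks, size_t n,
                          enum action (*decide)(const struct sock_model *))
{
    int bypassed = 0;
    for (size_t i = 0; i < n; i++)
        if (decide(&socks[i]) == ACT_BYPASS)
            bypassed++;
    return bypassed;
}

int main(void)
{
    static struct policy explicit_bypass = { ACT_BYPASS };
    /* Constructed sample: two sockets with no policy, one explicit bypass. */
    struct sock_model socks[3] = { { NULL }, { NULL }, { &explicit_bypass } };
    system_default.act = ACT_APPLY_IPSEC;   /* default requires IPsec */
    printf("skip-on-NULL bypasses %d, default-on-NULL bypasses %d\n",
           count_bypassed(socks, 3, decide_null_means_skip),
           count_bypassed(socks, 3, decide_null_means_default));
    return 0;
}
```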