From: Terry Lambert
Reply-To: tlambert2@mindspring.com
Date: Sat, 06 Oct 2001 01:46:47 -0700
To: hackers@freebsd.org
Cc: net@freebsd.org
Subject: IPSEC sucking up memory
Message-ID: <3BBEC4F7.D15FF792@mindspring.com>

While investigating a problem, I noticed that the IPSEC code is initializing the sp -- even when no one is using IPSEC.

Is there a good reason why this is not late-bound, and the IPSEC code is initializing and copying and checking the security policy pointer, even in the absence of actual use of security over socket links?

It turns out that this really, really bloats the per socket memory requirements, with the only real result being a lot of extra processing that could be replaced by a "pointer is not NULL" check.

It seems to me that this could be handled in the TCP, UDP, and IP userreq code by only initializing the thing in the case that a policy has been set.

Is there some reason why this can't be done?

-- Terry
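
The late binding proposed in the message above, as an added example (not part of the original post and not FreeBSD source): a toy per-socket control block whose policy is allocated only when one is set, and where a NULL pointer falls back to a system-wide default rather than skipping the policy decision. All struct, enum and function names are hypothetical, and the default policy value is constructed for the illustration.

```c
/* Toy model, not FreeBSD source: every name here is hypothetical. */
#include <stddef.h>
#include <stdlib.h>

enum sp_action { SP_BYPASS, SP_REQUIRE_IPSEC };

struct secpolicy { enum sp_action action; };

/* Per-socket control block: only a pointer is paid for up front. */
struct pcb { struct secpolicy *sp; /* NULL = no per-socket policy set */ };

/* System-wide default (constructed value), used when a socket has none. */
static struct secpolicy system_default = { SP_REQUIRE_IPSEC };
static size_t policy_bytes;   /* bytes currently held by per-socket policies */

/* Socket creation: no allocation, no copy of the default policy. */
void pcb_init(struct pcb *p) { p->sp = NULL; }

/* Late binding: allocate only when a policy is actually set on the socket. */
int pcb_set_policy(struct pcb *p, enum sp_action action)
{
    if (p->sp == NULL) {
        p->sp = malloc(sizeof(*p->sp));
        if (p->sp == NULL)
            return -1;        /* caller must fail the request, not ignore it */
        policy_bytes += sizeof(*p->sp);
    }
    p->sp->action = action;
    return 0;
}

/* The fast path is the NULL check. NULL selects the default policy;
 * it must never be read as "no policy applies to this socket". */
const struct secpolicy *pcb_effective_policy(const struct pcb *p)
{
    return p->sp != NULL ? p->sp : &system_default;
}

/* Socket teardown: release the policy only if one was ever bound. */
void pcb_detach(struct pcb *p)
{
    if (p->sp != NULL) {
        policy_bytes -= sizeof(*p->sp);
        free(p->sp);
        p->sp = NULL;
    }
}

size_t policy_bytes_in_use(void) { return policy_bytes; }
```

The point to check in any real implementation of this idea is the fallback in `pcb_effective_policy`: a lazily bound pointer saves memory only if every consumer treats NULL as "use the default", not as "bypass".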