From owner-freebsd-net@FreeBSD.ORG Sat Oct 18 18:18:18 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 22F9B1065691 for ; Sat, 18 Oct 2008 18:18:18 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by mx1.freebsd.org (Postfix) with ESMTP id A62A08FC17 for ; Sat, 18 Oct 2008 18:18:17 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-066-023-129.pools.arcor-ip.net [88.66.23.129]) by mrelayeu.kundenserver.de (node=mrelayeu4) with ESMTP (Nemesis) id 0ML21M-1KrGNT1B9U-00021i; Sat, 18 Oct 2008 20:18:15 +0200 Received: (qmail 68792 invoked from network); 18 Oct 2008 18:18:14 -0000 Received: from fbsd8.laiers.local (192.168.4.151) by laiers.local with SMTP; 18 Oct 2008 18:18:14 -0000 From: Max Laier Organization: FreeBSD To: freebsd-net@freebsd.org Date: Sat, 18 Oct 2008 20:18:13 +0200 User-Agent: KMail/1.10.1 (FreeBSD/8.0-CURRENT; KDE/4.1.1; i386; ; ) References: <200810181655.m9IGtxWk089117@freefall.freebsd.org> <48FA1756.1080708@freebsd.org> In-Reply-To: <48FA1756.1080708@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200810182018.13757.max@love2party.net> X-Provags-ID: V01U2FsdGVkX18PTPgXQgrGIsmjQ1ikClmdrnZ9Uj6fUkTuzrU OdxzcF43Y49D/WCY57uJ5fSqXoBSBvj2tlTTeGRon8nQqUH760 KNNa78+YRSPewxJRIMc8g== Cc: freebsd-hackers@freebsd.org Subject: Re: conf/128030: [request] Isn't it time to enable IPsec in GENERIC? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Oct 2008 18:18:18 -0000 On Saturday 18 October 2008 19:05:26 Sam Leffler wrote: > gavin@freebsd.org wrote: > > Synopsis: [request] Isn't it time to enable IPsec in GENERIC? > > > > Responsible-Changed-From-To: freebsd-bugs->freebsd-net > > Responsible-Changed-By: gavin > > Responsible-Changed-When: Sat Oct 18 16:55:14 UTC 2008 > > Responsible-Changed-Why: > > Over to maintainer(s) for consideration > > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=128030 > > Last I checked IPSEC added noticeable overhead. Before anyone does this > you need to measure the cost of having it enabled but not used. It should be possible to turn IPSEC into a module - maybe only loadable on boot to avoid locking issues. This would reduce the overhead to a handful of function pointer checks that should not impact performance (thanks to modern branch prediction and cache sizes). This would have to be measured as well, of course. Maybe this should go to the project page? It's a good junior kernel hacker project, I believe. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News