Date: Sat, 18 Oct 2008 20:18:13 +0200 From: Max Laier <max@love2party.net> To: freebsd-net@freebsd.org Cc: freebsd-hackers@freebsd.org Subject: Re: conf/128030: [request] Isn't it time to enable IPsec in GENERIC? Message-ID: <200810182018.13757.max@love2party.net> In-Reply-To: <48FA1756.1080708@freebsd.org> References: <200810181655.m9IGtxWk089117@freefall.freebsd.org> <48FA1756.1080708@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 18 October 2008 19:05:26 Sam Leffler wrote: > gavin@freebsd.org wrote: > > Synopsis: [request] Isn't it time to enable IPsec in GENERIC? > > > > Responsible-Changed-From-To: freebsd-bugs->freebsd-net > > Responsible-Changed-By: gavin > > Responsible-Changed-When: Sat Oct 18 16:55:14 UTC 2008 > > Responsible-Changed-Why: > > Over to maintainer(s) for consideration > > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=128030 > > Last I checked IPSEC added noticeable overhead. Before anyone does this > you need to measure the cost of having it enabled but not used. It should be possible to turn IPSEC into a module - maybe only loadable on boot to avoid locking issues. This would reduce the overhead to a handful of function pointer checks that should not impact performance (thanks to modern branch prediction and cache sizes). This would have to be measured as well, of course. Maybe this should go to the project page? It's a good junior kernel hacker project, I believe. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810182018.13757.max>