conf/128030: [request] Isn't it time to enable IPsec in GENERIC?
Max Laier
max at love2party.net
Sat Oct 18 18:18:18 UTC 2008
On Saturday 18 October 2008 19:05:26 Sam Leffler wrote:
> gavin at freebsd.org wrote:
> > Synopsis: [request] Isn't it time to enable IPsec in GENERIC?
> >
> > Responsible-Changed-From-To: freebsd-bugs->freebsd-net
> > Responsible-Changed-By: gavin
> > Responsible-Changed-When: Sat Oct 18 16:55:14 UTC 2008
> > Responsible-Changed-Why:
> > Over to maintainer(s) for consideration
> >
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=128030
>
> Last I checked IPSEC added noticeable overhead. Before anyone does this
> you need to measure the cost of having it enabled but not used.
It should be possible to turn IPSEC into a module - maybe only loadable on
boot to avoid locking issues. This would reduce the overhead to a handful of
function pointer checks that should not impact performance (thanks to modern
branch prediction and cache sizes). This would have to be measured as well,
of course. Maybe this should go to the project page? It's a good junior
kernel hacker project, I believe.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
More information about the freebsd-net
mailing list