svn commit: r347410 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/i386/conf sys/powerpc/conf sys/riscv/conf sys/sparc64/conf
Alexey Dokuchaev
danfe at freebsd.org
Fri May 10 18:39:40 UTC 2019
On Fri, May 10, 2019 at 12:11:47PM +0300, Andrey V. Elsukov wrote:
> On 10.05.2019 11:46, Alexey Dokuchaev wrote:
> > ...
> > What is the reason behind having IPSEC_SUPPORT option instead of no
> > special option at all?
>
> IPSEC_SUPPORT builds into the kernel PF_KEY domain protocol, that is
> required by IPsec implementation to interact with userlevel. Currently
> the kernel does not support unregistering of protocol domains. This is
> mostly why option IPSEC_SUPPORT was introduced.
Okay, I see, thank you Andrey for explanation.
> The second cause -- reduce overhead that IPSEC produces even when it
> is not used.
So does it mean that if I don't plan to use IPSEC, I can safely remove
IPSEC_SUPPORT from my config and also get slight performance boost?
./danfe
More information about the svn-src-all
mailing list