On Saturday 18 October 2008 19:05:26 Sam Leffler wrote: > [EMAIL PROTECTED] wrote: > > Synopsis: [request] Isn't it time to enable IPsec in GENERIC? > > > > Responsible-Changed-From-To: freebsd-bugs->freebsd-net > > Responsible-Changed-By: gavin > > Responsible-Changed-When: Sat Oct 18 16:55:14 UTC 2008 > > Responsible-Changed-Why: > > Over to maintainer(s) for consideration > > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=128030 > > Last I checked IPSEC added noticeable overhead. Before anyone does this > you need to measure the cost of having it enabled but not used.
It should be possible to turn IPSEC into a module - maybe only loadable on boot to avoid locking issues. This would reduce the overhead to a handful of function pointer checks that should not impact performance (thanks to modern branch prediction and cache sizes). This would have to be measured as well, of course. Maybe this should go to the project page? It's a good junior kernel hacker project, I believe. -- /"\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
