On Tue, 8 Nov 2005, Colin Percival wrote:
Tom Grove wrote:
Richard Bejtlich wrote:

After speaking with Colin, he mentioned that IPSec, NAT, and disk
quotas (enabled via options QUOTA) are the three most popular kernel
changes that prevent people from running GENERIC and hence using
freebsd-update for binary kernel updates.
Can anyone shed light on why those three features are not available in
GENERIC?

My guess is that just because those are the three most popular kernel
changes that prevent people from running GENERIC doesn't mean that the
majority of users implement these changes.

I find this argument hard to accept. The vast majority of FreeBSD users
will never need the NFS_ROOT option, and many systems do not even have
the hardware for serial or parallel ports, yet those are supported in
the GENERIC kernel.

While I agree with you in principle, I think many people would disagree
with your assertion about serial ports :-).

In deciding what options should go into the GENERIC kernel, I think the
question we should be asking is not "how many people use this?", but
instead "would adding this option inconvenience more people than it
would help?".

With regard to the specific three kernel options mentioned above:

KAME IPSEC adds significant additional overhead to the processing of every
packet, and also requires that Giant be held over the entire network
stack. Also, as there's a competing IPSEC implementation, FAST_IPSEC,
it's not clear that all users of IPSEC will want to use KAME IPSEC rather
than FAST_IPSEC, and right now they are mutually exclusive. You can argue
that these are technical problems that need to be fixed, but I think they
need to be fixed before we change GENERIC, not after.

In 6.x, IPDIVERT no longer needs to be compiled into the kernel. You can
load ipdivert.ko, I believe, although I've not personally tested that.
The natd rc.d start script looks like it will even auto-load it for you
when nat is started, but again, not personally tested.

In 6.x, UFS disk quotas require that Giant be placed over the entire UFS
implementation, resulting in significant overhead for users who don't need
the feature. Again, an implementation problem, but a good reason to not
have it in GENERIC until it is fixed. I expect to see Giant fall off
quotas in the next minor release or so of 6.x, but it hasn't happened yet.

On the topic of a few of the options you've mentioned:

- A wide range of people do use serial ports frequently with FreeBSD --
  it's the recommended configuration for headless servers (which I promise
  there are a lot of), and it's the recommended configuration for
  debugging.

- NFS_ROOT minimally expands the kernel, but is required for PXE booting
  diskless systems, which is actually quite widely used. It might more
  usefully be argued that we should have NFS_ROOT there, but not the
  NFSCLIENT or NFSSERVER, as NFS_ROOT really just does minor tweaks and
  inclusions for the nfsclient, which is already loadable as a module.

Robert N M Watson