On Fri, May 10, 2019 at 12:11:47PM +0300, Andrey V. Elsukov wrote: > On 10.05.2019 11:46, Alexey Dokuchaev wrote: > > ... > > What is the reason behind having IPSEC_SUPPORT option instead of no > > special option at all? > > IPSEC_SUPPORT builds into the kernel PF_KEY domain protocol, that is > required by IPsec implementation to interact with userlevel. Currently > the kernel does not support unregistering of protocol domains. This is > mostly why option IPSEC_SUPPORT was introduced.
Okay, I see, thank you Andrey for explanation. > The second cause -- reduce overhead that IPSEC produces even when it > is not used. So does it mean that if I don't plan to use IPSEC, I can safely remove IPSEC_SUPPORT from my config and also get slight performance boost? ./danfe _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
