Quoting Alexander Leidinger <alexan...@leidinger.net> (from Fri, 10 Feb 2012 14:56:04 +0100):

Such a kernel would cover situations where people compile their own kernel because they want to get rid of some unused kernel code (and maybe even need the memory this frees up).

The question is, is this enough? Or asked differently, why are you compiling a custom kernel in a production environment (so I rule out debug options zhich are not enabled in GENERIC)? Are there options which you add which you can not add as a module (SW_WATCHDOG comes to my mind)? If yes, which ones and how important are they for you?

Here is what I got, the first column is the number of requests, the second what is requested, and the 3rd my comments (basically it means, if there is a comment, it is not needed/possible to include in a modular kernel):
---snip---
5 IPSEC
4 ALTQ
2 VIMAGE                        -> not production ready (bz)
2 SW_WATCHDOG
2 IPSEC_FILTERTUNNEL            -> obsolete according to bz
2 IPFIREWALL_DEFAULT_TO_ACCEPT -> loader.conf: net.inet.ip.fw.default_to_accept
2 IPFIREWALL                    -> loader.conf: ipfw_load='YES'
2 HZ=1000                       -> loader.conf: kern.hz
2 DEVICE_POLLING                -> ifconfig in 9.0 handles this at runtime?
1 enc
1 ZERO_COPY_SOCKETS -> has known problems? can't find the reference,
                                   but I removed it from my kernels
1 SC_* options                  -> not a generic setting, will not include
1 ROUTETABLES=n                 -> bz is working on this
1 QUOTA
1 PF                            -> loader.conf: pf_load='YES'
1 MROUTING                      -> loader.conf: ip_mroute='YES'?
1 KTR                           -> rare use case, kernel recompile is OK
1 KDTRACE_HOOKS                 -> legal review needed
1 KDB_UNATTENDED                -> re@ wants this, but has reservations
1 KDB_TRACE                     -> re@ wants this, but has reservations
1 KDB                           -> re@ wants this, but has reservations
1 IPSTEALTH
1 IPSEC_NAT_T
1 IPFIREWALL_VERBOSE_LIMIT=5
1 IPFIREWALL_VERBOSE
1 IPFIREWALL_FORWARD -> performance impact too big if unused (julian)
1 IPFILTER                      -> 2/3 firewalls can be loaded... and this one
                                   is not really maintained anymore
1 IPDIVERT                      -> loader.conf: ipdivert_load='YES'
1 GDB
1 FLOWTABLE
1 DUMMYNET                      -> loader.conf: dummynet_load='YES'
1 DIRECTIO
1 DDB_NUMSYM
1 DDB
1 BREAK_TO_DEBUGGER             -> loader.conf: debug.kdb.break_to_debugger
1 BPF_JITTER
1 ALT_BREAK_TO_DEBUGGER -> loader.conf: debug.kdb.alt_break_to_debugger
---snip---

Yes, this poll is not representative...

So... what's the impact of including the following options into a kernel which is intended to be modular, respectively are there reasons to _not_ include one of the following?
---snip---
5 IPSEC                          -> we do not have a separate cryto
                                    dist, so it should be possible
                                    to include in a kernel now...
                                    legal advise needed
4 ALTQ*                          -> does add code to the pf module
                                    other impact?
2 SW_WATCHDOG                    -> should not hurt if not enabled
                                    in rc.conf
1 enc                            -> together with IPSEC
1 IPSTEALTH                      -> changes ipfw module only?
1 IPSEC_NAT_T
1 IPFIREWALL_VERBOSE_LIMIT=5     -> changes ipfw module only?
                                    loader tunable?
1 IPFIREWALL_VERBOSE             -> changes ipfw module only?
                                    loader tunable?
1 FLOWTABLE
1 DIRECTIO
1 BPF_JITTER
---snip---

Bye,
Alexander.

--
Q:      What is purple and concord the world?
A:      Alexander the Grape.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Reply via email to