Subject: Re: IPSEC in GENERIC
To: None <tech-kern@NetBSD.org>
From: None <joerg@britannica.bec.de>
List: tech-kern
Date: 02/20/2006 16:58:51
On Mon, Feb 20, 2006 at 07:50:22AM -0800, Garrett D'Amore wrote:
> > That's the wrong question. How many kernels does your live CD / bootable
> > USB stick have? Given that a GENERIC kernel is around 8 MB, not having
> > two full kernels is a real improvement. A lot of newer machines don't
> > boot properly without ACPI and some older machines have problems with
> > it, not speaking about APM.
> >   
> this is the kind of thing I want to avoid -- having different configs
> for different hardware that could easily be handled by just having
> different drivers loaded seems wasteful to me.

Yes, I fully agree, but it is a sad reality.

> > But back to the original question -- this doesn't affect IPSec at all,
> > since it can't be made a module without a lot of efforts in any case.
> >   
> true, perhaps.  but if so, then why?  it seems a lot of ipsec at least
> could be -- e.g. encryption and hash routines, etc.

The encryption and hash algorithms could be done as crypto modules
without a bigger impact. The problem with ipsec itself is that it hooks
itself into quite a bunch of places. That's what can negatively affect
the system performance even if no ipsec is used at all.

Joerg