Subject: Re: IPSEC in GENERIC
To: Michael van Elst <mlelstv@serpens.de>
From: None <jonathan@dsg.stanford.edu>
List: tech-kern
Date: 02/20/2006 14:26:41
In message <dtddss$l49$1@serpens.de>, Michael van Elst writes:
>jonathan@Pescadero.dsg.stanford.edu (Jonathan Stone) writes:
>
>>Michael, I *do* control machines which run GENERIC kernels, I want
>>to *keep* running GENERIC kernels, but I *do* want a way to turn off
>>IPv6 on those machines *without* having to build custom kernels.
>
>>Is any part of that hard to understand? I'm not understanding
>>why you don't understand it.
>
>Indeed, that is very difficult to understand, because for you it
>is very easy to build a custom kernel.

Michael, since you have a .de address, do you have difficulty
understanding simple English?

If I don't want to run IPv4, I don't have to build a special kernel;
GENERIC plus our boot-time /etc/rc.conf mechanisms can do that just
fine. So, why should it be any different if I want to run IPv4, but
not IPv6?

Whether or not *you* think it's trivial for me to build a custom
kernel, just to disable a feature which is of no use to me (and might
even be harmful), is beside the point.

>>>However, GENERIC is what gets installed initially, what might be the
>>>only choice for some people and is necessarily the first choice for
>>>newcomers. Having IPSEC there is worthwhile even when it spoils
>>>benchmarks.
>
>>Yes, those are precisely the sorts of reasons why detuning benchmark
>>performance of GENERIC is widely regarded (by several senior NetBSD
>>developers) as being a bad idea. I recall there was quite a strong
>>consensus on that, last time the issue came up.
>
>Let me rephrase this with the words in my argument to make sure that
>I understand your words correctly.

Let me go through those (apparently deliberate and inflammatory)
misunderstandings one by one:

>Making a GENERIC kernel support IPSEC initially is bad.

No, I never said that, so please don't put words in my mouth like
that. There's nothing wrong with supporting IPsec, *provided* doing
so doesn't impair other uses. Unfortunately, as far as we know,
currently IPsec does impair other uses.

>Making a GENERIC kernel for people useful that rely on the initial install is
>bad.

Hah! Michael, do you realize you've just contradicted your own
argument? A kernel with IPv6 support is not useful for *me*, but you
claim that's not worth fixing because I can easily build my own
kernel. But so can anyone else. So by your own argument, what is (or
isn't, in GENERIC) is beside the point, right?

>Making a GENERIC kernel as versatile as possible for newcomers is bad.

Indeed. But versatility is in the eye of the beholder.

>Making a GENERIC kernel that spoils benchmarks is bad.

Yes, that's the consensus of the developers who've been maintaining
portions of the stack. Not just me, but (if I recall correctly)
Thor, and Jason Thorpe, and others. I'm not sure if Matt Thomas
commented or not.

>And that is supported by several senior NetBSD developers.

Yes. In fact, more than that: there was a *consensus* not to turn on
IPsec in GENERIC kernels, on the understanding IPsec would cause a
noticeable performance hit.

As far as I can see, *you* want IPsec, you don't care about the impact
of IPsec on other users. That's not a very productive way to reach
your goal. OTOH, if you *do* want to do something productive, why
don't you try to quantify the actual, current impact of IPsec, via the
techniques I've outlined earlier?