On Mon, Feb 20, 2006 at 08:56:04PM +0700, Robert Elz wrote:
>   | Sorry, this is just bull shit. LKMs add *zero* overhead to the kernel.
> 
> Huh?   You mean they don't need any code sitting around occupying
> memory waiting for an LKM to come along to load?   And a call of a
> function in an LKM (from outside, or a different LKM) goes exactly
> as fast as a call of the same function if it is statically linked?

Less than 16kb on ia32. Most network drivers a bigger. Kernel modules are compiled
the way as normal code, unlike shared objects in userland. E.g. no
-fPIC. I don't think change of kernel image size counts as overhead and
otherwise doesn't alter any critical code paths.

>   | You have the symbol table in the kernel, as soon as e.g. debugging is
>   | wanted too.
> 
> But most people don't want debugging in the kernel.   It crashes,
> I reboot it.   If it happens often, I might send a PR (but it doesn't).

Again, GENERIC has DDB by default. If you have your own kernel config,
it is completely up to you whether you enable it or not.

>   | Proper kernel module support dramatically reduces the need to have
>   | alternative kernels.
> 
> Sure, and if you're doing binary distributions that matters.  But
> most of the use of LKMs (with NetBSD) is by people with the sources
> who just don't want to be bothered compiling the kernel they need.

In FreeBSD and DragonFly, PF is not part of the default kernel, but can
be loaded as module. You don't have to create a custom kernel if you
just want to try it -- meaning that a lot of users don't have to
download the source *at all*.

>   | No ACPI subkernels needed, since ACPI is loaded as module
>   | or not, depending on need.
> 
> How many times does one of your systems change from needing ACPI
> to not needing ACPI dynamically, while it is running, without
> rebooting it?

That's the wrong question. How many kernels does your live CD / bootable
USB stick have? Given that a GENERIC kernel is around 8 MB, not having
two full kernels is a real improvement. A lot of newer machines don't
boot properly without ACPI and some older machines have problems with
it, not speaking about APM.

But back to the original question -- this doesn't affect IPSec at all,
since it can't be made a module without a lot of efforts in any case.

Joerg