[Swan-dev] remove pfkey checks from pluto and startup scripts
D. Hugh Redelmeier
hugh at mimosa.com
Fri May 3 17:12:10 UTC 2019
| From: Antony Antony <antony at phenome.org>
| Since it is not necessary we could remove it from pluto. Also tests by
| Steffen noticed compiling kernel with pfkey use quite a bit extra cpu.
Are you saying the
compiling the kernel with pfkey uses more CPU (unlikely)
running a kernel compiled with pfkey enabled uses more CPU?
| His observation was pfkey_send_new_mapping use "3.69% of my cpu cycles". So
| I think it is worth removing pfkey completely. e.g this could happen when
| the NAT mappings for ESP change, pfkey_send_new_mapping is wasted cpu
What is pfkey_send_new_mapping doing? Is it correlated with anything
libreswan is actually doing?
If libreswan isn't really using pfkey, and nobody else is, it's
surprising that it would eat CPU.
More information about the Swan-dev