With IPSEC enabled in GENERIC kernels, socket creation and destruction take a penalty on delay since the IPSEC environment preparation is done unconditionally even though the socket did not ask to encapsulate its traffic with IPSEC.
Eliminate this overhead/latency induction by not preparing these structures unless the IP_IPSEC_POLICY socket option is triggered.
Introduce an EVENTHANDLER for destroying or duplicating, as in TCP syncache code, any IPSEC related information attached with a socket, if any.
With this patch most of the IPSEC code sprinkled around PCB is removed and the various #ifdef IPSEC are really not needed but just left to identify that code is related to it.
Also this is a step forward on making IPSEC a module.
The SCTP changes I have not really tested, but looking at the comments its state is unknown.