From owner-freebsd-security Fri Feb 7 16:15:42 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD99737B401 for ; Fri, 7 Feb 2003 16:15:39 -0800 (PST) Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8907243FBD for ; Fri, 7 Feb 2003 16:15:38 -0800 (PST) (envelope-from bmah@employees.org) Received: from bmah.dyndns.org (12-240-204-110.client.attbi.com[12.240.204.110]) by rwcrmhc52.attbi.com (rwcrmhc52) with ESMTP id <2003020800153705200jv4vte>; Sat, 8 Feb 2003 00:15:37 +0000 Received: from intruder.bmah.org (localhost [IPv6:::1]) by bmah.dyndns.org (8.12.6/8.12.6) with ESMTP id h180FbRG081898; Fri, 7 Feb 2003 16:15:37 -0800 (PST) (envelope-from bmah@intruder.bmah.org) Received: (from bmah@localhost) by intruder.bmah.org (8.12.6/8.12.6/Submit) id h180FbZx081897; Fri, 7 Feb 2003 16:15:37 -0800 (PST) (envelope-from bmah) Date: Fri, 7 Feb 2003 16:15:37 -0800 From: "Bruce A. Mah" To: Sam Leffler Cc: Jack Xiao , freebsd-security@freebsd.org Subject: Re: hardware encryption under freebsd Message-ID: <20030208001537.GA81860@intruder.bmah.org> References: <05d201c2ced6$49f96700$52557f42@errno.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="EeQfGwPcQSOJBaQU" Content-Disposition: inline In-Reply-To: <05d201c2ced6$49f96700$52557f42@errno.com> User-Agent: Mutt/1.4i X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif X-url: http://www.employees.org/~bmah/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --EeQfGwPcQSOJBaQU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable If memory serves me right, Sam Leffler wrote: > > It's said "A new in-kernel cryptographic framework (see crypto(4) and > > crypto(9)) has been imported from OpenBSD. It provides a consistent > > interface to hardware and software implementations of cryptographic > > algorithms for use by the kernel and access to cryptographic hardware f= or > > user-mode applications. Hardware device drivers are provided to support > > hifn-based cards ( hifn(4)) and Broadcom-based cards ( ubsec(4))." > > > > "A FAST_IPSEC kernel option now allows the IPsec implementation to use = the > > kernel crypto(4) framework, along with its support for hardware > > cryptographic acceleration. More information can be found in the > > fast_ipsec(4) manual page." > > > > In this case, if I want to use hardware encryption/decryption, should I > use > > fast_ipsec instead of ipsec in the kenerl option? By the way, I am using > > FreeBSD 4.7 Release. I am also curious if anybody has such experience in > > this group before my trial. How's the performance? >=20 > 4.7-release does not have the new ipsec code. I can't recall if the cryp= to > code got in. No, it's a 4.7-STABLE thing. Note that the original poster quoted the release notes from 4.7-STABLE, even though he's running 4.7-RELEASE. Bruce. --EeQfGwPcQSOJBaQU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (FreeBSD) iD8DBQE+REwo2MoxcVugUsMRAoTvAKCV4MqjD/udxlHxjA6bHByIxiUZvwCeICKN 9M7Bh+0lhQxzcsJjDaeUUQA= =7o8Z -----END PGP SIGNATURE----- --EeQfGwPcQSOJBaQU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message