Date: Sat, 13 Aug 2005 09:46:36 +0200
From: Pawel Jakub Dawidek
To: Mike Tancsa
Cc: FreeBSD-current
Message-ID: <20050813074636.GH27996@garage.freebsd.pl>
Subject: Re: VIA/ACE PadLock integration with crypto(9).

On Sat, Aug 13, 2005 at 01:45:44AM -0400, Mike Tancsa wrote:
+> Is there something else that needs to be done to tell crypto(4) or
+> FAST_IPSEC to use the "hardware" in this case?

I'm not sure why you need to set net.inet.ipsec.crypto_support to 1 for
this. Shouldn't be needed.
If you want to figure it out, you may place a debug print into
sys/opencrypto/crypto.c, there is a crypto_newsession function and you need
to change this:

	/* See if all the algorithms are supported. */
	for (cr = cri; cr; cr = cr->cri_next)
		if (cap->cc_alg[cr->cri_alg] == 0)
			break;

into something like this:

	/* See if all the algorithms are supported. */
	for (cr = cri; cr; cr = cr->cri_next)
		if (cap->cc_alg[cr->cri_alg] == 0) {
			printf("IPSEC: Unsupported algorithm: %d.\n", cr->cri_alg);
			break;
		}

+> Also, I came across a small ipsec bug while testing
+>
+> http://www.freebsd.org/cgi/query-pr.cgi?pr=84860

It could be RELENG_5 specific, as it uses the rijndael implementation which
was removed after RELENG_5 (there is no sys/opencrypto/rijndael.c anymore).
Maybe the rijndael version from sys/crypto/ handles it better? This needs to
be verified.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
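
The capability check discussed in the message above, as an added user-space example that is not part of the original mail or of sys/opencrypto: it walks a chain of session parameters against each driver's cc_alg table and reports the algorithm that makes a driver ineligible. The trimmed structs, the driver table, the algorithm IDs, the bounds check and the first_unsupported/pick_driver helpers are all constructed for illustration.

```c
/* Added example: user-space model of the per-driver capability check.
 * Struct layouts are trimmed and the algorithm IDs are constructed
 * placeholders, not values copied from sys/opencrypto. */
#include <stddef.h>
#include <stdio.h>

#define ALG_MAX  15
#define ALG_AUTH  7   /* constructed ID standing in for an HMAC */
#define ALG_CIPH 11   /* constructed ID standing in for a cipher */

struct cryptoini { int cri_alg; struct cryptoini *cri_next; };
struct cryptocap { const char *name; unsigned char cc_alg[ALG_MAX + 1]; };

/* First chain entry the driver cannot handle; NULL means all are supported. */
static const struct cryptoini *first_unsupported(const struct cryptocap *cap,
                                                 const struct cryptoini *cri)
{
    const struct cryptoini *cr;
    for (cr = cri; cr != NULL; cr = cr->cri_next)
        /* Bounds check added in this model so a bad ID cannot index past cc_alg. */
        if (cr->cri_alg < 0 || cr->cri_alg > ALG_MAX || cap->cc_alg[cr->cri_alg] == 0)
            break;
    return cr;
}

/* First driver (in table order) that supports every algorithm in the chain. */
static const struct cryptocap *pick_driver(const struct cryptocap *drv, size_t n,
                                           const struct cryptoini *cri)
{
    for (size_t i = 0; i < n; i++) {
        const struct cryptoini *bad = first_unsupported(&drv[i], cri);
        if (bad == NULL)
            return &drv[i];
        printf("%s: Unsupported algorithm: %d.\n", drv[i].name, bad->cri_alg);
    }
    return NULL;
}

/* Constructed sample: a cipher-only accelerator and a software fallback. */
static const struct cryptocap drivers[] = {
    { "hw-cipher-only", { [ALG_CIPH] = 1 } },
    { "software",       { [ALG_AUTH] = 1, [ALG_CIPH] = 1 } },
};
static struct cryptoini auth_only = { ALG_AUTH, NULL };
static struct cryptoini ciph_only = { ALG_CIPH, NULL };
static struct cryptoini ciph_auth = { ALG_CIPH, &auth_only };  /* cipher + auth */

int main(void)
{
    printf("cipher only   -> %s\n", pick_driver(drivers, 2, &ciph_only)->name);
    printf("cipher + auth -> %s\n", pick_driver(drivers, 2, &ciph_auth)->name);
    return 0;
}
```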