Date: Sat, 17 Jan 2004 13:33:26 -0800 From: Sam Leffler <sam@errno.com> To: Mike Tancsa <mike@sentex.net>, <mhdz@tamaulipas.gob.mx> Cc: security@freebsd.org Subject: Re: HiFn / FAST_IPSEC question Message-ID: <200401171333.26083.sam@errno.com> In-Reply-To: <6.0.1.1.0.20040116134753.03e16c08@209.112.4.2> References: <6.0.1.1.0.20040116122719.05c75910@209.112.4.2> <OBEDIBLCPGDBKELHKALKGEBGCAAA.mhdz@tamaulipas.gob.mx> <6.0.1.1.0.20040116134753.03e16c08@209.112.4.2>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 16 January 2004 10:48 am, Mike Tancsa wrote: > I am more curious about what happens if you try 194 sessions on one or 65 > on the other, not why one is rated lower than the other. > When you try to allocate the SPI it will fail because you won't be able to create a crypto session (this is FAST_IPSEC only). The right thing to do (probably) is to fallback to s/w crypto but I don't believe the existing crypto framework is smart enough. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401171333.26083.sam>