Date: Fri, 24 Jan 2003 10:26:56 -0800 From: "Sam Leffler" <sam@errno.com> To: "Mike Tancsa" <mike@sentex.net> Cc: <freebsd-stable@FreeBSD.ORG> Subject: Re: HEADS UP: fast ipsec committed Message-ID: <192f01c2c3d6$2d5666d0$52557f42@errno.com> References: <5.2.0.9.0.20030124073321.07012c88@192.168.0.12> <5.2.0.9.0.20030124122133.06c66610@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
> At 09:11 AM 24/01/2003 -0800, Sam Leffler wrote:
> > > At 09:39 PM 1/23/2003 -0800, Sam Leffler wrote:
> > > >I just commited my "Fast IPsec" support. This is an implementation
of
> >the
> > > >IPsec protocols that makes use of the kernel crypto framework. What
this
> > > >means is that if you have a hardware crypto card it will
automatically be
> > > >used by the protocols. If you don't have crypto hardware you will
use
> >the
> > > >host cpu as before.
> > >
> > > Hi,
> > > Apart from FAST_IPSEC and OpenSSL 0.9.7, what parts (if any)
of
> > > FreeBSD would currently make sure of the crypto hardware ?
> >
> >With OpenSSL you get lots of applications. I'm not sure if Kerberos also
> >benefits. In the kernel there's nothing else at the moment but that's
not
> >to say that things like gbde couldn't use it. I also intend to use it to
do
> >AES for wireless security protocols.
>
>
> Thanks for the info! Just to confirm/clarify, without FAST_IPSEC enabled,
> none of the crypto hardware is used in IPSEC, correct ?
Correct. Also, you can control the use of h/w crypto with the
net.inet.ipsec.crypto_support sysctl: set it -1 to get s/w only, 1 for h/w
only, or 0 (default) to take the best available crypto support.
Sam
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?192f01c2c3d6$2d5666d0$52557f42>