On Sat, Aug 13, 2005 at 01:45:44AM -0400, Mike Tancsa wrote: +> Is there something else that needs to be done to tell crypto(4) or FAST_IPSEC to use the "hardware" in this case ? I'm not sure why you need to set net.inet.ipsec.crypto_support to 1 for this. Shouldn't be needed. If you want to figure it out, you may place debug print into sys/opencrypto/crypto.c, there is a crypto_newsession function and you need to change this: /* See if all the algorithms are supported. */ for (cr = cri; cr; cr = cr->cri_next) if (cap->cc_alg[cr->cri_alg] == 0) break; into something like this: /* See if all the algorithms are supported. */ for (cr = cri; cr; cr = cr->cri_next) if (cap->cc_alg[cr->cri_alg] == 0) { printf("IPSEC: Unsupported algorithm: %d.\n", cr->cri_alg); break; } +> Also, I came across a small ipsec bug while testing +> +> http://www.freebsd.org/cgi/query-pr.cgi?pr=84860 It could be RELENG_5 specific, as it uses rijndael implementation which was removed after RELENG_5 (there is no sys/opencrypto/rijndael.c anymore). Maybe rijndael version from sys/crypto/ handles it better? This needs to be verified. -- Pawel Jakub Dawidek http://www.wheel.pl pjd_at_FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am!
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:41 UTC