At 03:46 AM 13/08/2005, Pawel Jakub Dawidek wrote: >On Sat, Aug 13, 2005 at 01:45:44AM -0400, Mike Tancsa wrote: >+> Is there something else that needs to be done to tell crypto(4) >or FAST_IPSEC to use the "hardware" in this case ? > >I'm not sure why you need to set net.inet.ipsec.crypto_support to 1 for >this. Shouldn't be needed. > >If you want to figure it out, you may place debug print into Will do. I will play with it over the weekend. Overnight I also let a copy of netperf run blasting various network tests across the IPSEC tunnel and all was as expected. I had to enable polling on the box as it was getting dangerously close to livelock with the high level of interrupts. At 1500 HZ its still quite fast, forwarding IPSEC traffic at 60Mb/s and the box is VERY responsive. Without the padlock.ko, it comes in just at 23Mb/s. +> Also, I came across a small ipsec bug while testing >+> >+> http://www.freebsd.org/cgi/query-pr.cgi?pr=84860 > >It could be RELENG_5 specific, as it uses rijndael implementation >which was removed after RELENG_5 (there is no sys/opencrypto/rijndael.c >anymore). Maybe rijndael version from sys/crypto/ handles it better? >This needs to be verified. Actually this happens in RELENG_6 as well. I have updated the PR with a crash dump and back trace. ---MikeReceived on Sat Aug 13 2005 - 16:24:24 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:41 UTC