RE: FAST_IPSEC bug fix

From: Oldach, Helge (Helge.Oldach_at_atosorigin.com)
Date: 04/24/04

  • Next message: Sam Leffler: "Re: FAST_IPSEC bug fix" 
    To: "'Sam Leffler'" <sam@errno.com>
Date: Sat, 24 Apr 2004 22:45:07 +0200

    > From: Sam Leffler [mailto:sam@errno.com]
    > On Apr 24, 2004, at 11:24 AM, Mike Tancsa wrote:
    > > At 12:56 PM 24/04/2004, Sam Leffler wrote:
    > >> On Apr 24, 2004, at 9:03 AM, Oldach, Helge wrote:
    > >>
    > >>> Hi list,
    > >>>
    > >>> this is a month-old mail about the lack of a FAST_IPSEC feature
    > >>> compared to legacy IPSEC. Including a working patch. I haven't
    > >>> seen this being
    > >>> committed, or is it? Please also MFC to STABLE.
    > >>
    > >> The fix was not quite right for -current (where it needs to go in
    > >> first). I sent out the attached patch for testing but received no
    > >> feedback. Until I can get it tested and committed to -current it
    > >> won't be MFC'd.
    > >
    > > We dont run -current here, so I dont have anything to test it on.
    > > Also, due to the bugs in the driver with HiFn 7955, we have had to
    > > abandon FAST_IPSEC :(
    >
    > Running FAST IPSEC w/o h/w crypto is still faster than KAME
    > IPsec. See the results in my BSDCon paper.

    Yes, but still the net.key.preferred_oldsa issue hits, which is
    what this thread is about. FAST_IPSEC is great, but unfortuantely useless
    for me without this...

    Sorry for beating this topic again. Unfortunately, like Mike, I don't have a
    -current system around. Maybe someone with a -current box can test?

    Helge
    _______________________________________________
    freebsd-hackers@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
    To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

  • Next message: Sam Leffler: "Re: FAST_IPSEC bug fix"