Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 1 Aug 2015 20:53:59 -0700
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Sydney Meyer <meyer.sydney@googlemail.com>
Cc:        FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject:   Re: IPSEC stop works after r285336
Message-ID:  <20150802035359.GO78154@funkthat.com>
In-Reply-To: <422BE6C0-B106-44E2-927A-7AE04885251F@googlemail.com>
References:  <20150729071732.GA78154@funkthat.com> <55B8CD6C.7080804@shurik.kiev.ua> <18D9D532-15B2-4B30-B088-74E7E4566254@googlemail.com> <20150801200137.GK78154@funkthat.com> <422BE6C0-B106-44E2-927A-7AE04885251F@googlemail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Sydney Meyer wrote this message on Sun, Aug 02, 2015 at 04:03 +0200:
> i have tried your patches from your ipsecgcm branch. The build completes, boots fine and indeed, dmesg shows "aesni0: <AES-CBC,AES-XTS,AES-GCM,AES-ICM> on motherboard".

Yeh, these patches are more about getting IPsec to work w/ the modes
that aesni now supports...

> I'm going to try out the new cipher modes tomorrow and will get back..

Make sure you get the gnn's setkey changes in r286143 otherwise GCM
and CTR won't work...

Thanks for doing more testing.. I've only done basic ping tests, so
passing more real traffic through would be nice...

> > On 01 Aug 2015, at 22:01, John-Mark Gurney <jmg@funkthat.com> wrote:
> > 
> > Sydney Meyer wrote this message on Wed, Jul 29, 2015 at 22:01 +0200:
> >> Same here, fixed running r286015. Thanks a  bunch.
> > 
> > If you'd like to do some more testing, test the patches in:
> > https://github.com/jmgurney/freebsd/tree/ipsecgcm
> > 
> > These patches get GCM and CTR modes working as tested against NetBSD
> > 6.1.5...
> > 
> > Hope to commit these in the next few days..
> > 
> > Thanks.
> > 
> >>> On 29 Jul 2015, at 14:56, Alexandr Krivulya <shuriku@shurik.kiev.ua> wrote:
> >>> 
> >>> 29.07.2015 10:17, John-Mark Gurney ??????????:
> >>>> Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300:
> >>>> 
> >>>> [...]
> >>>> 
> >>>>> With r285535 all works fine.
> >>>> Sydney Meyer wrote this message on Mon, Jul 27, 2015 at 23:49 +0200:
> >>>>> I'm having the same problem with IPSec, running -current with r285794.
> >>>>> 
> >>>>> Don't know if this helps, but "netstat -s -p esp" shows packets dropped; bad ilen.
> >>>> It looks like there was an issue w/ that commit...  After looking at
> >>>> the code, and working w/ gnn, I have committed r286000 which fixes it
> >>>> in my test cases...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150802035359.GO78154>