From owner-freebsd-stable@FreeBSD.ORG Wed Sep 6 14:04:05 2006 Return-Path: X-Original-To: freebsd-stable@FreeBSD.org Delivered-To: freebsd-stable@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E5AC316A4DF; Wed, 6 Sep 2006 14:04:05 +0000 (UTC) (envelope-from ast@marabu.ch) Received: from oneplusone.ch (oneplusone.ch [212.55.208.170]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1311243D49; Wed, 6 Sep 2006 14:04:04 +0000 (GMT) (envelope-from ast@marabu.ch) Received: from oneplusone.ch (localhost [127.0.0.1]) by oneplusone.ch (8.13.6/8.13.6) with ESMTP id k86E42Z9059055 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 6 Sep 2006 16:04:02 +0200 (CEST) (envelope-from ast@marabu.ch) Received: (from uucp@localhost) by oneplusone.ch (8.13.6/8.13.6/Submit) with UUCP id k86E42bL059054; Wed, 6 Sep 2006 16:04:02 +0200 (CEST) (envelope-from ast@marabu.ch) Received: from nano.marabu.ch (nano.marabu.ch [192.168.21.102]) by pano.marabu.ch (8.13.6/8.13.6) with ESMTP id k86E3GtD005472; Wed, 6 Sep 2006 16:03:16 +0200 (CEST) (envelope-from ast@marabu.ch) Received: from nano.marabu.ch (localhost [127.0.0.1]) by nano.marabu.ch (8.13.6/8.13.6) with ESMTP id k86E3GVm030242; Wed, 6 Sep 2006 16:03:16 +0200 (CEST) (envelope-from ast@nano.marabu.ch) Received: (from ast@localhost) by nano.marabu.ch (8.13.6/8.13.6/Submit) id k86E3EvG030241; Wed, 6 Sep 2006 16:03:14 +0200 (CEST) (envelope-from ast) Date: Wed, 6 Sep 2006 16:03:13 +0200 From: Adrian Steinmann To: Pawel Jakub Dawidek Message-ID: <20060906140313.GA30204@webgroup.ch> References: <20060906062912.GA44900@webgroup.ch> <20060906063621.GA23449@garage.freebsd.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <20060906063621.GA23449@garage.freebsd.pl> X-Organization: Webgroup Consulting AG X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (oneplusone.ch [127.0.0.1]); Wed, 06 Sep 2006 16:04:03 +0200 (CEST) X-Mailfilter: egfilter version 1.14; Archiver [msg.j0KFa0On] (oneplusone.ch [127.0.0.1]); Wed, 06 Sep 2006 16:04:03 +0200 (CEST) X-AntiVirus: checked by AntiVir Milter (version: 1.1.2-1; AVE: 7.1.1.11; VDF: 6.35.1.192; host: oneplusone.ch) Cc: freebsd-stable@FreeBSD.org Subject: Re: FAST_IPSEC + device padlock + device crypto + IKE broken? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2006 14:04:06 -0000 On Wed, Sep 06, 2006 at 08:36:21AM +0200, Pawel Jakub Dawidek wrote: > On Wed, Sep 06, 2006 at 08:29:13AM +0200, Adrian Steinmann wrote: > > In my kernel config, I have > >=20 > > options FAST_IPSEC > > device padlock > > device crypto > >=20 =2E.. > > Yet when I configure racoon from ipsec-tools, racoon2, or iked for > > dynamic keying, I get a "PFKEYv2 UPDATE" (or similar) failure. When > > I set net.inet.ipsec.crypto_support=3D0 these same dynamic ike key > > configurations work, albeit without HW crypto accelleration. > >=20 > > Has anyone else observed this and know what the problem is? >=20 > Is this after my recent padlock(4) update in RELENG_6? Both for RELENG_6_1 (new VIA C7 padlock support) and RELENG_6 (VIA C3) show this behavior on respective VIA processors. It's as if FAST_IPSEC can't register a new key session with crypto device... If you can point me where to debug (in padlock_* files?) I'd be happy to help. Adrian