From owner-freebsd-stable@FreeBSD.ORG Wed Sep 6 16:43:53 2006 Return-Path: X-Original-To: freebsd-stable@FreeBSD.org Delivered-To: freebsd-stable@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 50DB816A4DF for ; Wed, 6 Sep 2006 16:43:53 +0000 (UTC) (envelope-from Stephen.Clark@seclark.us) Received: from smtpout06-04.prod.mesa1.secureserver.net (smtpout06-01.prod.mesa1.secureserver.net [64.202.165.224]) by mx1.FreeBSD.org (Postfix) with SMTP id AA45843D46 for ; Wed, 6 Sep 2006 16:43:52 +0000 (GMT) (envelope-from Stephen.Clark@seclark.us) Received: (qmail 31724 invoked from network); 6 Sep 2006 16:43:52 -0000 Received: from unknown (24.144.77.138) by smtpout06-04.prod.mesa1.secureserver.net (64.202.165.227) with ESMTP; 06 Sep 2006 16:43:51 -0000 Message-ID: <44FEFAC6.1050404@seclark.us> Date: Wed, 06 Sep 2006 12:43:50 -0400 From: Stephen Clark User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.16-22smp i686; en-US; m18) Gecko/20010110 Netscape6/6.5 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Adrian Steinmann References: <20060906062912.GA44900@webgroup.ch> <20060906063621.GA23449@garage.freebsd.pl> <20060906140313.GA30204@webgroup.ch> In-Reply-To: <20060906140313.GA30204@webgroup.ch> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-stable@FreeBSD.org, Pawel Jakub Dawidek Subject: Re: FAST_IPSEC + device padlock + device crypto + IKE broken? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Stephen.Clark@seclark.us List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2006 16:43:53 -0000 Adrian Steinmann wrote: >On Wed, Sep 06, 2006 at 08:36:21AM +0200, Pawel Jakub Dawidek wrote: > > >>On Wed, Sep 06, 2006 at 08:29:13AM +0200, Adrian Steinmann wrote: >> >> >>>In my kernel config, I have >>> >>> options FAST_IPSEC >>> device padlock >>> device crypto >>> >>> >>> >... > > >>>Yet when I configure racoon from ipsec-tools, racoon2, or iked for >>>dynamic keying, I get a "PFKEYv2 UPDATE" (or similar) failure. When >>>I set net.inet.ipsec.crypto_support=0 these same dynamic ike key >>>configurations work, albeit without HW crypto accelleration. >>> >>>Has anyone else observed this and know what the problem is? >>> >>> >>Is this after my recent padlock(4) update in RELENG_6? >> >> >Both for RELENG_6_1 (new VIA C7 padlock support) and RELENG_6 (VIA C3) >show this behavior on respective VIA processors. It's as if FAST_IPSEC >can't register a new key session with crypto device... > >If you can point me where to debug (in padlock_* files?) I'd be happy >to help. > >Adrian >_______________________________________________ >freebsd-stable@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-stable >To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > > I see the same problem with 6.1 without the changes from Pawel. Steve -- "They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety." (Ben Franklin) "The course of history shows that as a government grows, liberty decreases." (Thomas Jefferson)