From owner-freebsd-current@freebsd.org Sun Aug 2 03:54:00 2015 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 46E679AF44F for ; Sun, 2 Aug 2015 03:54:00 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "gold.funkthat.com", Issuer "gold.funkthat.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 09CB41075 for ; Sun, 2 Aug 2015 03:53:59 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (localhost [127.0.0.1]) by gold.funkthat.com (8.14.5/8.14.5) with ESMTP id t723rxR5081185 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 1 Aug 2015 20:53:59 -0700 (PDT) (envelope-from jmg@gold.funkthat.com) Received: (from jmg@localhost) by gold.funkthat.com (8.14.5/8.14.5/Submit) id t723rxg8081184; Sat, 1 Aug 2015 20:53:59 -0700 (PDT) (envelope-from jmg) Date: Sat, 1 Aug 2015 20:53:59 -0700 From: John-Mark Gurney To: Sydney Meyer Cc: FreeBSD CURRENT Subject: Re: IPSEC stop works after r285336 Message-ID: <20150802035359.GO78154@funkthat.com> References: <20150729071732.GA78154@funkthat.com> <55B8CD6C.7080804@shurik.kiev.ua> <18D9D532-15B2-4B30-B088-74E7E4566254@googlemail.com> <20150801200137.GK78154@funkthat.com> <422BE6C0-B106-44E2-927A-7AE04885251F@googlemail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <422BE6C0-B106-44E2-927A-7AE04885251F@googlemail.com> X-Operating-System: FreeBSD 9.1-PRERELEASE amd64 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.21 (2010-09-15) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (gold.funkthat.com [127.0.0.1]); Sat, 01 Aug 2015 20:53:59 -0700 (PDT) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Aug 2015 03:54:00 -0000 Sydney Meyer wrote this message on Sun, Aug 02, 2015 at 04:03 +0200: > i have tried your patches from your ipsecgcm branch. The build completes, boots fine and indeed, dmesg shows "aesni0: on motherboard". Yeh, these patches are more about getting IPsec to work w/ the modes that aesni now supports... > I'm going to try out the new cipher modes tomorrow and will get back.. Make sure you get the gnn's setkey changes in r286143 otherwise GCM and CTR won't work... Thanks for doing more testing.. I've only done basic ping tests, so passing more real traffic through would be nice... > > On 01 Aug 2015, at 22:01, John-Mark Gurney wrote: > > > > Sydney Meyer wrote this message on Wed, Jul 29, 2015 at 22:01 +0200: > >> Same here, fixed running r286015. Thanks a bunch. > > > > If you'd like to do some more testing, test the patches in: > > https://github.com/jmgurney/freebsd/tree/ipsecgcm > > > > These patches get GCM and CTR modes working as tested against NetBSD > > 6.1.5... > > > > Hope to commit these in the next few days.. > > > > Thanks. > > > >>> On 29 Jul 2015, at 14:56, Alexandr Krivulya wrote: > >>> > >>> 29.07.2015 10:17, John-Mark Gurney ??????????: > >>>> Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300: > >>>> > >>>> [...] > >>>> > >>>>> With r285535 all works fine. > >>>> Sydney Meyer wrote this message on Mon, Jul 27, 2015 at 23:49 +0200: > >>>>> I'm having the same problem with IPSec, running -current with r285794. > >>>>> > >>>>> Don't know if this helps, but "netstat -s -p esp" shows packets dropped; bad ilen. > >>>> It looks like there was an issue w/ that commit... After looking at > >>>> the code, and working w/ gnn, I have committed r286000 which fixes it > >>>> in my test cases... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."