From owner-freebsd-net@FreeBSD.ORG  Fri Jun 14 13:14:16 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 33EC7D6D
 for <freebsd-net@freebsd.org>; Fri, 14 Jun 2013 13:14:16 +0000 (UTC)
 (envelope-from vanhu@zeninc.net)
Received: from smtp.zeninc.net (smtp.zeninc.net [80.67.176.25])
 by mx1.freebsd.org (Postfix) with ESMTP id BB52B1E8A
 for <freebsd-net@freebsd.org>; Fri, 14 Jun 2013 13:14:15 +0000 (UTC)
Received: from nono (nono.zen.inc [192.168.1.95])
 by smtp.zeninc.net (smtpd) with ESMTP id 0A59227988B;
 Fri, 14 Jun 2013 15:06:15 +0200 (CEST)
Received: by nono (Postfix, from userid 1000)
 id F30DE20C05; Fri, 14 Jun 2013 15:14:00 +0200 (CEST)
Date: Fri, 14 Jun 2013 15:14:00 +0200
From: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To: Slawa Olhovchenkov <slw@zxy.spb.ru>
Subject: Re: IPSec improvement
Message-ID: <20130614131400.GA23375@zeninc.net>
References: <20130614103615.GQ34554@zxy.spb.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20130614103615.GQ34554@zxy.spb.ru>
User-Agent: All mail clients suck. This one just sucks less.
Cc: freebsd-net@freebsd.org
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2013 13:14:16 -0000

Hi.

On Fri, Jun 14, 2013 at 02:36:15PM +0400, Slawa Olhovchenkov wrote:
> I am plan to do some improve in IPSec stack:
> 
> - AES-GCM support (from OpenBSD)

Dylan Castine already started to work on that last year (see ML's
archives), and we took some time to work together on that.

Unfortunately, patch hasn't been commited since, as Dylan needed some
more time to do some important cleanups on the code.

I'll try to recontact Dylan to see if he could take time to finish
that.


> - GOST 28147-89 and 34.10-2001 support (by modules)
> - support for IPSec acceleration in network cards

What kind of acceleration, in which kind of network card ?

Are you talking about encryption/authentication done in the network
card (or CPUs, or .....), or do you want to use advanced IPsec
offloading provided by some chipsets ?


Yvan.