From owner-freebsd-hackers@FreeBSD.ORG Sat Apr 24 13:45:34 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5752416A4CE for ; Sat, 24 Apr 2004 13:45:34 -0700 (PDT) Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8EA0843D2D for ; Sat, 24 Apr 2004 13:45:33 -0700 (PDT) (envelope-from Helge.Oldach@atosorigin.com) Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net [194.8.96.68])i3OKj9tH006656 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 24 Apr 2004 22:45:10 +0200 (CEST) (envelope-from Helge.Oldach@atosorigin.com) Received: from dehhx004.hbg.de.int.atosorigin.com (dehhx004.hbg.de.int.atosorigin.com [161.90.164.40]) ESMTP id i3OKj9Iq008034; Sat, 24 Apr 2004 22:45:09 +0200 (CEST) (envelope-from Helge.Oldach@atosorigin.com) Received: by dehhx004.hbg.de.int.atosorigin.com with Internet Mail Service (5.5.2657.72) id ; Sat, 24 Apr 2004 22:45:09 +0200 Message-ID: From: "Oldach, Helge" To: "'Sam Leffler'" Date: Sat, 24 Apr 2004 22:45:07 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="windows-1252" cc: freebsd-hackers@freebsd.org cc: Mike Tancsa Subject: RE: FAST_IPSEC bug fix X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Apr 2004 20:45:34 -0000 > From: Sam Leffler [mailto:sam@errno.com] > On Apr 24, 2004, at 11:24 AM, Mike Tancsa wrote: > > At 12:56 PM 24/04/2004, Sam Leffler wrote: > >> On Apr 24, 2004, at 9:03 AM, Oldach, Helge wrote: > >> > >>> Hi list, > >>> > >>> this is a month-old mail about the lack of a FAST_IPSEC feature > >>> compared to legacy IPSEC. Including a working patch. I haven't > >>> seen this being > >>> committed, or is it? Please also MFC to STABLE. > >> > >> The fix was not quite right for -current (where it needs to go in > >> first). I sent out the attached patch for testing but received no > >> feedback. Until I can get it tested and committed to -current it > >> won't be MFC'd. > > > > We dont run -current here, so I dont have anything to test it on. > > Also, due to the bugs in the driver with HiFn 7955, we have had to > > abandon FAST_IPSEC :( > > Running FAST IPSEC w/o h/w crypto is still faster than KAME > IPsec. See the results in my BSDCon paper. Yes, but still the net.key.preferred_oldsa issue hits, which is what this thread is about. FAST_IPSEC is great, but unfortuantely useless for me without this... Sorry for beating this topic again. Unfortunately, like Mike, I don't have a -current system around. Maybe someone with a -current box can test? Helge