From owner-freebsd-stable Fri Jan 24 10:18:47 2003 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7360B37B401 for ; Fri, 24 Jan 2003 10:18:46 -0800 (PST) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id A057243F13 for ; Fri, 24 Jan 2003 10:18:45 -0800 (PST) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.6/8.12.6) with ESMTP id h0OIJEfc016519; Fri, 24 Jan 2003 13:19:15 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.2.0.9.0.20030124122133.06c66610@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Fri, 24 Jan 2003 13:22:37 -0500 To: "Sam Leffler" From: Mike Tancsa Subject: Re: HEADS UP: fast ipsec committed Cc: In-Reply-To: <187f01c2c3cb$9eb22e50$52557f42@errno.com> References: <5.2.0.9.0.20030124073321.07012c88@192.168.0.12> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: By Sentex Communications (lava/20020517) Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 09:11 AM 24/01/2003 -0800, Sam Leffler wrote: > > At 09:39 PM 1/23/2003 -0800, Sam Leffler wrote: > > >I just commited my "Fast IPsec" support. This is an implementation of >the > > >IPsec protocols that makes use of the kernel crypto framework. What this > > >means is that if you have a hardware crypto card it will automatically be > > >used by the protocols. If you don't have crypto hardware you will use >the > > >host cpu as before. > > > > Hi, > > Apart from FAST_IPSEC and OpenSSL 0.9.7, what parts (if any) of > > FreeBSD would currently make sure of the crypto hardware ? > >With OpenSSL you get lots of applications. I'm not sure if Kerberos also >benefits. In the kernel there's nothing else at the moment but that's not >to say that things like gbde couldn't use it. I also intend to use it to do >AES for wireless security protocols. Thanks for the info! Just to confirm/clarify, without FAST_IPSEC enabled, none of the crypto hardware is used in IPSEC, correct ? ---Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message