From owner-freebsd-hardware@FreeBSD.ORG Sun Apr 25 20:38:01 2004 Return-Path: Delivered-To: freebsd-hardware@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9A3CC16A4CE for ; Sun, 25 Apr 2004 20:38:01 -0700 (PDT) Received: from smtp3b.sentex.ca (smtp3b.sentex.ca [205.211.164.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 34A1743D4C for ; Sun, 25 Apr 2004 20:38:01 -0700 (PDT) (envelope-from mike@sentex.net) Received: from avscan2.sentex.ca (avscan2.sentex.ca [199.212.134.19]) by smtp3b.sentex.ca (8.12.11/8.12.11) with ESMTP id i3Q3bvoJ004993; Sun, 25 Apr 2004 23:37:57 -0400 (EDT) (envelope-from mike@sentex.net) Received: from localhost (localhost [127.0.0.1]) by avscan2.sentex.ca (Postfix) with ESMTP id 198DA59C99; Sun, 25 Apr 2004 23:37:57 -0400 (EDT) Received: from avscan2.sentex.ca ([127.0.0.1]) by localhost (avscan2.sentex.ca [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 10276-14; Sun, 25 Apr 2004 23:37:57 -0400 (EDT) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by avscan2.sentex.ca (Postfix) with ESMTP id 018BF59C94; Sun, 25 Apr 2004 23:37:57 -0400 (EDT) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.11/8.12.11) with ESMTP id i3Q3budF060766; Sun, 25 Apr 2004 23:37:56 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <6.0.3.0.0.20040425232714.08d1a250@64.7.153.2> X-Sender: mdtpop@64.7.153.2 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.3.0 Date: Sun, 25 Apr 2004 23:39:32 -0400 To: Sam Leffler From: Mike Tancsa In-Reply-To: <089AEBC9-9731-11D8-BD30-000A95AD0668@errno.com> References: <44658B20-9610-11D8-AAEB-000A95AD0668@errno.com> <6.0.3.0.0.20040424142123.07bf3db0@64.7.153.2> <089AEBC9-9731-11D8-BD30-000A95AD0668@errno.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by amavisd-new X-Virus-Scanned: by amavisd-new at (avscan2) sentex.ca cc: freebsd-hardware@freebsd.org Subject: Re: FAST_IPSEC bug fix X-BeenThere: freebsd-hardware@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: General discussion of FreeBSD hardware List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Apr 2004 03:38:01 -0000 At 11:23 PM 25/04/2004, Sam Leffler wrote: > But there is no one to maintain and merge bugfixes into FAST_IPSEC >>from KAME The KAME stack might be slower, but there is active >>(relative to FAST_IPSEC) development. > >You said that because of a bug w/ the hifn card that you cannot/will not >use FAST IPsec. I said that's not a reason to not use it, that even w/o >hardware acceleration it's still faster than KAME. Sorry, I meant to add that the old_sa issue killed it for us in conjunction with the HiFn bug and the limitation of the newer Soekris cards to only 100 sites, we had to move back to KAME. We still have a number of remote Soekris boxes deployed using FAST_IPSEC with our patches deployed and they work well and will continue to use them as is. >Unfortunately the policy is that I cannot MFC something w/o it first going >in -current. I'll try to test the change under -current this week but if >someone else could do it then a commit would happen sooner. I *completely* understand and I really dont mean to seem to be complaining or anything because I am certainly not. I was going to try and put together a -current box later this week to try and test it so that I can at least report back that it works. ---Mike