From owner-svn-src-all@freebsd.org Tue Jul 14 05:10:00 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0EE6C949D; Tue, 14 Jul 2015 05:10:00 +0000 (UTC) (envelope-from jmg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E6CA22B83; Tue, 14 Jul 2015 05:09:59 +0000 (UTC) (envelope-from jmg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6E59xC4052136; Tue, 14 Jul 2015 05:09:59 GMT (envelope-from jmg@FreeBSD.org) Received: (from jmg@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6E59xs2052135; Tue, 14 Jul 2015 05:09:59 GMT (envelope-from jmg@FreeBSD.org) Message-Id: <201507140509.t6E59xs2052135@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jmg set sender to jmg@FreeBSD.org using -f From: John-Mark Gurney Date: Tue, 14 Jul 2015 05:09:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285523 - head/sys/conf X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jul 2015 05:10:00 -0000 Author: jmg Date: Tue Jul 14 05:09:58 2015 New Revision: 285523 URL: https://svnweb.freebsd.org/changeset/base/285523 Log: cryptodev is not needed for TCP_SIGNATURE... Comment that cryptodev shouldn't be used unless you know what you're doing... The various arm/mips and one powerpc configs that have cryptodev in them need to be addressed, audited if they provide benefit and removed if they don't... Modified: head/sys/conf/NOTES Modified: head/sys/conf/NOTES ============================================================================== --- head/sys/conf/NOTES Tue Jul 14 02:00:50 2015 (r285522) +++ head/sys/conf/NOTES Tue Jul 14 05:09:58 2015 (r285523) @@ -997,8 +997,7 @@ options ACCEPT_FILTER_HTTP # carried in TCP option 19. This option is commonly used to protect # TCP sessions (e.g. BGP) where IPSEC is not available nor desirable. # This is enabled on a per-socket basis using the TCP_MD5SIG socket option. -# This requires the use of 'device crypto', 'options IPSEC' -# or 'device cryptodev'. +# This requires the use of 'device crypto' and 'options IPSEC'. options TCP_SIGNATURE #include support for RFC 2385 # DUMMYNET enables the "dummynet" bandwidth limiter. You need IPFIREWALL @@ -2817,6 +2816,10 @@ options DCONS_FORCE_GDB=1 # force to be # been fed back to OpenBSD. device crypto # core crypto support + +# Only install the cryptodev device if you are running tests, or know +# specificly why you need it. Most cases, it is not needed and will +# make things slower. device cryptodev # /dev/crypto for access to h/w device rndtest # FIPS 140-2 entropy tester