Date: Tue, 14 Jul 2015 05:09:59 +0000 (UTC) From: John-Mark Gurney <jmg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285523 - head/sys/conf Message-ID: <201507140509.t6E59xs2052135@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jmg Date: Tue Jul 14 05:09:58 2015 New Revision: 285523 URL: https://svnweb.freebsd.org/changeset/base/285523 Log: cryptodev is not needed for TCP_SIGNATURE... Comment that cryptodev shouldn't be used unless you know what you're doing... The various arm/mips and one powerpc configs that have cryptodev in them need to be addressed, audited if they provide benefit and removed if they don't... Modified: head/sys/conf/NOTES Modified: head/sys/conf/NOTES ============================================================================== --- head/sys/conf/NOTES Tue Jul 14 02:00:50 2015 (r285522) +++ head/sys/conf/NOTES Tue Jul 14 05:09:58 2015 (r285523) @@ -997,8 +997,7 @@ options ACCEPT_FILTER_HTTP # carried in TCP option 19. This option is commonly used to protect # TCP sessions (e.g. BGP) where IPSEC is not available nor desirable. # This is enabled on a per-socket basis using the TCP_MD5SIG socket option. -# This requires the use of 'device crypto', 'options IPSEC' -# or 'device cryptodev'. +# This requires the use of 'device crypto' and 'options IPSEC'. options TCP_SIGNATURE #include support for RFC 2385 # DUMMYNET enables the "dummynet" bandwidth limiter. You need IPFIREWALL @@ -2817,6 +2816,10 @@ options DCONS_FORCE_GDB=1 # force to be # been fed back to OpenBSD. device crypto # core crypto support + +# Only install the cryptodev device if you are running tests, or know +# specificly why you need it. Most cases, it is not needed and will +# make things slower. device cryptodev # /dev/crypto for access to h/w device rndtest # FIPS 140-2 entropy tester
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507140509.t6E59xs2052135>