Date:      Wed, 6 Sep 2006 16:03:13 +0200
From:      Adrian Steinmann <ast@webgroup.ch>
To:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc:        freebsd-stable@FreeBSD.org
Subject:   Re: FAST_IPSEC + device padlock + device crypto + IKE broken?
Message-ID:  <20060906140313.GA30204@webgroup.ch>
In-Reply-To: <20060906063621.GA23449@garage.freebsd.pl>
References:  <20060906062912.GA44900@webgroup.ch> <20060906063621.GA23449@garage.freebsd.pl>

On Wed, Sep 06, 2006 at 08:36:21AM +0200, Pawel Jakub Dawidek wrote:
> On Wed, Sep 06, 2006 at 08:29:13AM +0200, Adrian Steinmann wrote:
> > In my kernel config, I have
> >
> >     options FAST_IPSEC
> >     device padlock
> >     device crypto
> >
...
> > Yet when I configure racoon from ipsec-tools, racoon2, or iked for
> > dynamic keying, I get a "PFKEYv2 UPDATE" (or similar) failure. When
> > I set net.inet.ipsec.crypto_support=0 these same dynamic ike key
> > configurations work, albeit without HW crypto acceleration.
> >
> > Has anyone else observed this and know what the problem is?
>
> Is this after my recent padlock(4) update in RELENG_6?
Both RELENG_6_1 (new VIA C7 padlock support) and RELENG_6 (VIA C3)
show this behavior on the respective VIA processors. It's as if FAST_IPSEC
can't register a new key session with the crypto device...

If you can point me where to debug (in padlock_* files?) I'd be happy
to help.

Adrian


