Date: Wed, 06 Sep 2006 12:43:50 -0400 From: Stephen Clark <Stephen.Clark@seclark.us> To: Adrian Steinmann <ast@webgroup.ch> Cc: freebsd-stable@FreeBSD.org, Pawel Jakub Dawidek <pjd@FreeBSD.org> Subject: Re: FAST_IPSEC + device padlock + device crypto + IKE broken? Message-ID: <44FEFAC6.1050404@seclark.us> In-Reply-To: <20060906140313.GA30204@webgroup.ch> References: <20060906062912.GA44900@webgroup.ch> <20060906063621.GA23449@garage.freebsd.pl> <20060906140313.GA30204@webgroup.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
Adrian Steinmann wrote: >On Wed, Sep 06, 2006 at 08:36:21AM +0200, Pawel Jakub Dawidek wrote: > > >>On Wed, Sep 06, 2006 at 08:29:13AM +0200, Adrian Steinmann wrote: >> >> >>>In my kernel config, I have >>> >>> options FAST_IPSEC >>> device padlock >>> device crypto >>> >>> >>> >... > > >>>Yet when I configure racoon from ipsec-tools, racoon2, or iked for >>>dynamic keying, I get a "PFKEYv2 UPDATE" (or similar) failure. When >>>I set net.inet.ipsec.crypto_support=0 these same dynamic ike key >>>configurations work, albeit without HW crypto accelleration. >>> >>>Has anyone else observed this and know what the problem is? >>> >>> >>Is this after my recent padlock(4) update in RELENG_6? >> >> >Both for RELENG_6_1 (new VIA C7 padlock support) and RELENG_6 (VIA C3) >show this behavior on respective VIA processors. It's as if FAST_IPSEC >can't register a new key session with crypto device... > >If you can point me where to debug (in padlock_* files?) I'd be happy >to help. > >Adrian >_______________________________________________ >freebsd-stable@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-stable >To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > > I see the same problem with 6.1 without the changes from Pawel. Steve -- "They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety." (Ben Franklin) "The course of history shows that as a government grows, liberty decreases." (Thomas Jefferson)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44FEFAC6.1050404>