[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-hackers
Subject: RE: FAST_IPSEC bug fix
From: "Oldach, Helge" <Helge.Oldach () atosorigin ! com>
Date: 2004-04-24 20:45:07
Message-ID: D2CFC58E0F8CB443B54BE72201E8916E94CBB3 () dehhx005 ! hbg ! de ! int ! atosorigin ! com
[Download RAW message or body]
> From: Sam Leffler [mailto:sam@errno.com]
> On Apr 24, 2004, at 11:24 AM, Mike Tancsa wrote:
> > At 12:56 PM 24/04/2004, Sam Leffler wrote:
> >> On Apr 24, 2004, at 9:03 AM, Oldach, Helge wrote:
> >>
> >>> Hi list,
> >>>
> >>> this is a month-old mail about the lack of a FAST_IPSEC feature
> >>> compared to legacy IPSEC. Including a working patch. I haven't
> >>> seen this being
> >>> committed, or is it? Please also MFC to STABLE.
> >>
> >> The fix was not quite right for -current (where it needs to go in
> >> first). I sent out the attached patch for testing but received no
> >> feedback. Until I can get it tested and committed to -current it
> >> won't be MFC'd.
> >
> > We dont run -current here, so I dont have anything to test it on.
> > Also, due to the bugs in the driver with HiFn 7955, we have had to
> > abandon FAST_IPSEC :(
>
> Running FAST IPSEC w/o h/w crypto is still faster than KAME
> IPsec. See the results in my BSDCon paper.
Yes, but still the net.key.preferred_oldsa issue hits, which is
what this thread is about. FAST_IPSEC is great, but unfortuantely useless
for me without this...
Sorry for beating this topic again. Unfortunately, like Mike, I don't have a
-current system around. Maybe someone with a -current box can test?
Helge
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic