HiFn / FAST_IPSEC question
Sam Leffler
sam at errno.com
Sat Jan 17 13:29:06 PST 2004
On Friday 16 January 2004 10:48 am, Mike Tancsa wrote:
> I am more curious about what happens if you try 194 sessions on one or 65
> on the other, not why one is rated lower than the other.
>
When you try to allocate the SPI it will fail because you won't be able to
create a crypto session (this is FAST_IPSEC only). The right thing to do
(probably) is to fallback to s/w crypto but I don't believe the existing
crypto framework is smart enough.
Sam
More information about the freebsd-security
mailing list