FAST_IPSEC + device padlock + device crypto + IKE broken?
Adrian Steinmann
ast at webgroup.ch
Wed Sep 6 07:04:06 PDT 2006
On Wed, Sep 06, 2006 at 08:36:21AM +0200, Pawel Jakub Dawidek wrote:
> On Wed, Sep 06, 2006 at 08:29:13AM +0200, Adrian Steinmann wrote:
> > In my kernel config, I have
> >
> > options FAST_IPSEC
> > device padlock
> > device crypto
> >
...
> > Yet when I configure racoon from ipsec-tools, racoon2, or iked for
> > dynamic keying, I get a "PFKEYv2 UPDATE" (or similar) failure. When
> > I set net.inet.ipsec.crypto_support=0 these same dynamic ike key
> > configurations work, albeit without HW crypto accelleration.
> >
> > Has anyone else observed this and know what the problem is?
>
> Is this after my recent padlock(4) update in RELENG_6?
Both for RELENG_6_1 (new VIA C7 padlock support) and RELENG_6 (VIA C3)
show this behavior on respective VIA processors. It's as if FAST_IPSEC
can't register a new key session with crypto device...
If you can point me where to debug (in padlock_* files?) I'd be happy
to help.
Adrian
More information about the freebsd-stable
mailing list