svn commit: r285523 - head/sys/conf
John-Mark Gurney
jmg at FreeBSD.org
Tue Jul 14 05:10:00 UTC 2015
Author: jmg
Date: Tue Jul 14 05:09:58 2015
New Revision: 285523
URL: https://svnweb.freebsd.org/changeset/base/285523
Log:
cryptodev is not needed for TCP_SIGNATURE...
Comment that cryptodev shouldn't be used unless you know what you're
doing...
The various arm/mips and one powerpc configs that have cryptodev in
them need to be addressed, audited if they provide benefit and removed
if they don't...
Modified:
head/sys/conf/NOTES
Modified: head/sys/conf/NOTES
==============================================================================
--- head/sys/conf/NOTES Tue Jul 14 02:00:50 2015 (r285522)
+++ head/sys/conf/NOTES Tue Jul 14 05:09:58 2015 (r285523)
@@ -997,8 +997,7 @@ options ACCEPT_FILTER_HTTP
# carried in TCP option 19. This option is commonly used to protect
# TCP sessions (e.g. BGP) where IPSEC is not available nor desirable.
# This is enabled on a per-socket basis using the TCP_MD5SIG socket option.
-# This requires the use of 'device crypto', 'options IPSEC'
-# or 'device cryptodev'.
+# This requires the use of 'device crypto' and 'options IPSEC'.
options TCP_SIGNATURE #include support for RFC 2385
# DUMMYNET enables the "dummynet" bandwidth limiter. You need IPFIREWALL
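Review bot: The new requirement line, "This requires the use of 'device crypto' and 'options IPSEC'.", now sits directly under the unchanged text saying the option is for sessions "where IPSEC is not available nor desirable", and the two read as contradictory at first glance. Consider adding a few words on why 'options IPSEC' must be compiled in even though the protected session does not use IPsec. Changing the old "or" list to "and" removes the ambiguity about whether any one of the items was sufficient, so the rest of the line is fine.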
@@ -2817,6 +2816,10 @@ options DCONS_FORCE_GDB=1 # force to be
# been fed back to OpenBSD.
device crypto # core crypto support
+
+# Only install the cryptodev device if you are running tests, or know
+# specificly why you need it. Most cases, it is not needed and will
+# make things slower.
device cryptodev # /dev/crypto for access to h/w
device rndtest # FIPS 140-2 entropy tester
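Review bot: The comment added above 'device cryptodev' has a typo and a dropped word: "specificly" should be "specifically", and "Most cases, it is not needed" should read "In most cases it is not needed". It also states that the device "will make things slower" without saying what is slowed or under which conditions. One short clause giving the reason would help someone deciding whether to keep the line in a kernel config, particularly since the log message says the arm/mips and powerpc configs that include cryptodev still need to be audited.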