Discussion:
FAST_IPSEC?
(too old to reply)
Hubert Feyrer
2009-06-25 09:48:25 UTC
Permalink
I wonder what the status of our FAST_IPSEC implementation is.
It's not (even) commented-out in i386/GENERIC, and the manpage
also has a few holes (no sysctls listed, etc.)

Does anyone use FAST_IPSEC? Successfully? Possibly with
hardware accelerated cryptography?

FWIW, enabling it in the kernel gets me a lot of

ipsecpol: done, sp 0x0 error 0,

spewed on the console. The patch below reduces this somewhat.
Does anyone want to commit this?


- Hubert


Index: ipsec.c
===================================================================
RCS file: /cvsroot/src/sys/netipsec/ipsec.c,v
retrieving revision 1.39
diff -u -r1.39 ipsec.c
--- ipsec.c 27 Jun 2008 17:28:24 -0000 1.39
+++ ipsec.c 25 Jun 2009 09:45:41 -0000
@@ -727,7 +727,7 @@
KEY_FREESP(&sp);
sp = NULL;
}
- DPRINTF(("ipsecpol: done, sp %p error %d, \n", sp, *error));
+ if (sp != NULL || *error != 0) DPRINTF(("ipsecpol: done, sp %p error %d, \n", sp, *error));
return sp;
}

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Hubert Feyrer
2009-06-25 10:00:56 UTC
Permalink
+ if (sp != NULL || *error != 0) DPRINTF(("ipsecpol: done, sp %p error %d, \n", sp, *error));
Actually, that should just check for *error != 0,
else it'll still spam the console during regular IPsec operation.
(Without the patch, even non-IPsec traffic fills up the console)


- Hubert

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Christos Zoulas
2009-06-25 15:28:09 UTC
Permalink
Post by Hubert Feyrer
I wonder what the status of our FAST_IPSEC implementation is.
It's not (even) commented-out in i386/GENERIC, and the manpage
also has a few holes (no sysctls listed, etc.)
Does anyone use FAST_IPSEC? Successfully? Possibly with
hardware accelerated cryptography?
FWIW, enabling it in the kernel gets me a lot of
ipsecpol: done, sp 0x0 error 0,
spewed on the console. The patch below reduces this somewhat.
Does anyone want to commit this?
Why don't you?

christos


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Hubert Feyrer
2009-06-25 15:34:13 UTC
Permalink
Post by Christos Zoulas
Post by Hubert Feyrer
ipsecpol: done, sp 0x0 error 0,
spewed on the console. The patch below reduces this somewhat.
Does anyone want to commit this?
Why don't you?
I can if someone does a review gives me an OK.
I'm just very new to the area, and don't want to break anything. :)


- Hubert


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Christos Zoulas
2009-06-25 17:40:24 UTC
Permalink
On Jun 25, 5:34pm, ***@feyrer.de (Hubert Feyrer) wrote:
-- Subject: Re: FAST_IPSEC?

| On Thu, 25 Jun 2009, Christos Zoulas wrote:
| >> ipsecpol: done, sp 0x0 error 0,
| >>
| >> spewed on the console. The patch below reduces this somewhat.
| >> Does anyone want to commit this?
| >
| > Why don't you?
|
| I can if someone does a review gives me an OK.
| I'm just very new to the area, and don't want to break anything. :)

That's ok. I fixed it. Thanks for pointing it out.

christos

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...