Subject: How to use FAST-IPSEC and kernfs to avoid PF_KEY problem (modes-to-large SA database)
To: None <port-i386@netbsd.org>
From: Johnnie Chen <gis90590@cis.nctu.edu.tw>
List: port-i386
Date: 12/02/2003 16:41:34
Dear all,
After reading lots of messages in the mailing list, I still have two problems.
1. If I install a crypto accelerator in NetBSD-current and want to use FAST-IPSEC,
what kind of kernel configuration should I have? I tried one case which comments out
"options IPSEC" and "options ESP", but uncomments "options FAST_IPSEC". In this case,
I can NOT use "setkey -f XXX" to load SA and SP into the kernel like before, since "setkey -D"
and "setkey -DP" show the message "sysctl: operation not support".
Can anyone tell me how to use FAST-IPSEC?
2. I encountered the PF_KEY problem about six months ago. It's really exciting that lots of people
are trying to figure it out. Sorry that I didn't post this bug immediately.
Now I hear of one solution using kernfs. So, can I use "setkey -f XXX" to load large SAs now,
just like the way I did in NetBSD-1.5.2?
Johnnie Chen