port-i386: How to use FAST-IPSEC and kernfs to avoid PF_KEY problem (modes-to-large SA database)

Subject: How to use FAST-IPSEC and kernfs to avoid PF_KEY problem (modes-to-large SA database)
To: None <port-i386@netbsd.org>
From: Johnnie Chen <gis90590@cis.nctu.edu.tw>
List: port-i386
Date: 12/02/2003 16:41:34

Dear all, 

  After reading lots of messages in the mailling-list, I still have two problems.
    
  1. If I install a crypto accelerator in NetBSD-current and want to use FAST-IPSEC, 
      what kind of kernel configuration I should have. I tried one case which comment out
      "options IPSEC" and "options ESP", but uncomment "options FAST_IPSEC". In this case, 
      I can NOT use "setkey -f  XXX" to load SA and SP linto kernel like before, since "setkey -D"
      and "setkey -DP" show  message "sysctl: operation not support". 

      Can anyone tell me how to use FAST-IPSEC ?

 2. I encountered the PF_KEY problem about six month ago. It's really exciting that lots people 
     are trying to figure it out. Sorry that I didn't post this bug immediately.
     Now I hear one solution using kernfs. So, I can use "setkey -f XXX" to load large SAs now?
     just like the way I used in NetBSD-1.5.2 ?

Johnnie Chen