On Tuesday 02 December 2003 8:41 am, Johnnie Chen wrote:

>   1. If I install a crypto accelerator in NetBSD-current and want to
> use FAST-IPSEC, what kind of kernel configuration I should have. I
> tried one case which comment out "options IPSEC" and "options ESP",
> but uncomment "options FAST_IPSEC". In this case, I can NOT use
> "setkey -f  XXX" to load SA and SP linto kernel like before, since
> "setkey -D" and "setkey -DP" show  message "sysctl: operation not
> support".

The fast-ipsec code is missing the necessary support needed by those two 
setkey options. I'm about to submit a patch to our fast-ipsec 
maintainers.

If you want a copy of the patch, let me know.

Cheers, Steve