Subject: Re: Hifn crypto driver: does it work for anyone?
To: None <tech-kern@netbsd.org, tech-security@netbsd.org,>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 10/16/2005 15:49:50
On Sun, Oct 16, 2005 at 03:35:08PM -0400, Thor Lancelot Simon wrote:
> I've been working on the Hifn crypto driver recently and have noticed
> something startling: in a kernel with pseudo-device crypto and options
> FAST_IPSEC, after the system has been running for a short while, all
> crypto requests fail.
>
> This causes ssh to not work (since openssl uses /dev/crypto if present)
> and it causes IPsec to not work, since encryption of every packet fails.
Another interesting data point: if I have pseudo-device crypto *and*
FAST_IPSEC in the kernel, requests from user processes via /dev/crypto
fail (return error). But if I have pseudo-device crypto *but not*
FAST_IPSEC, the user processes making such requests hang forever with
wait channel "crydev".
Something seems to be wrong with this driver, but I'm not sure where to
start looking. Does anyone have it working with a 7955 or 7956 or even,
for that matter, a 7951?
Thor