Bug #2196

closed

Multiple crypto cards in a box may conflict in unexpected ways

Added by Jim Pingle about 12 years ago. Updated over 7 years ago.

Status: Not a Bug
Priority: Low
Assignee: -
Category: Operating System
Target version: -
Start date: 02/10/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

If there are multiple crypto devices on a box (padlock, hifn, glxsb) it may lead to some ambiguity or confusion about which is active or which is intended to be active. This is compounded by the fact that some are onboard.

The hifn and padlock drivers also don't appear to respect device.hints aimed at disabling them.

There is a sysctl for ipsec that is supposed to allow control over whether or not crypto hardware is used.

net.inet.ipsec.crypto_support: 50331648

A value of -1 is supposed to force software crypto only, but it did not appear to be respected in a quick test.

There also doesn't appear to be a system-wide way to choose between crypto devices in FreeBSD; it claims it will just pick "the best one", but there may not be anything we can do about that.

This entry is here mainly to have this documented and in case we can find a way around it down the road somewhere.

Actions #1

Updated by Ermal Luçi about 12 years ago

Just to keep this noted here.
Seems -1 is not the value for software only but on 8.1 sources 0x02000000 is the value.

Actions #2

Updated by Jim Pingle about 12 years ago

0x2000000 = 33554432 decimal (why that sysctl wants a hex mask but displays in decimal)

Actions #3

Updated by Jeremy Porter about 8 years ago

  • Status changed from New to Not a Bug

Actions #4

Updated by Chris Buechler over 7 years ago

  • Target version deleted (Future)