Bug #2196
closed
Multiple crypto cards in a box may conflict in unexpected ways
0%
Description
If there are multiple crypto devices on a box (padlock, hifn, glxsb) it may lead to some ambiguity or confusion about which is active or which is intended to be active. Compounded by the fact that some are onboard.
The hifn and padlock drivers also don't appear to respect device.hints aimed at disabling them.
There is a sysctl for ipsec that is supposed to allow control over whether or not crypto hardware is used.
net.inet.ipsec.crypto_support: 50331648
A value of -1 is supposed to force software crypto only, but it did not appear to be respected in a quick test.
There also doesn't appear to be a system-wide way to choose between crypto devices in FreeBSD; it claims it will just pick "the best one", but there may not be anything we can do about that.
This entry is here mainly to have this documented and in case we can find a way around it down the road somewhere.
Updated by Ermal Luçi about 12 years ago
Just to keep this noted here.
Seems -1 is not the value for software only but on 8.1 sources 0x02000000 is the value.
Updated by Jim Pingle about 12 years ago
0x2000000 = 33554432 decimal (why that sysctl wants a hex mask but displays in decimal)
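
Added example (not part of the ticket or of pfSense/FreeBSD code): a small sh helper that decodes a net.inet.ipsec.crypto_support value into its flag bits, run over the values quoted above. The software bit 0x02000000 is from the comments; the hardware bit 0x01000000 (CRYPTOCAP_F_HARDWARE in FreeBSD's sys/opencrypto/cryptodev.h) and the function name are not from this page.

```shell
#!/bin/sh
# Flag bits. SOFTWARE is the value given in the ticket comments;
# HARDWARE is taken from FreeBSD's cryptodev.h, not from this page.
CRYPTOCAP_F_HARDWARE=$((0x01000000))
CRYPTOCAP_F_SOFTWARE=$((0x02000000))

# decode_crypto_support VALUE  (hypothetical helper name)
# VALUE may be decimal (as sysctl prints it), hex, or negative.
# Prints the value as a 32-bit hex mask plus which driver classes it allows.
decode_crypto_support() {
    mask=$(( ($1) & 0xFFFFFFFF ))          # view the int as a 32-bit mask
    hw=$(( mask & CRYPTOCAP_F_HARDWARE ))
    sw=$(( mask & CRYPTOCAP_F_SOFTWARE ))
    if [ "$hw" -ne 0 ] && [ "$sw" -ne 0 ]; then
        policy="hardware-or-software"
    elif [ "$hw" -ne 0 ]; then
        policy="hardware-only"
    elif [ "$sw" -ne 0 ]; then
        policy="software-only"
    else
        policy="neither-flag-set"
    fi
    printf '0x%08x %s\n' "$mask" "$policy"
}

# Values quoted in this ticket: the sysctl output, the -1 that was tried,
# and the software-only mask in hex and decimal.
for v in 50331648 -1 0x02000000 33554432; do
    printf '%-12s -> %s\n' "$v" "$(decode_crypto_support "$v")"
done
```

Read as a bit mask, -1 has both the hardware and the software bit set, the same two bits as the 50331648 shown in the description.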