Slashdot Mirror

← Back to Stories (view on slashdot.org)

FreeBSD Gets 'Fast IPsec' Implementation

Posted by michael on from the better,-faster:-pick-any-two dept.

An anonymous reader writes "Sam Leffler (yes, one of the authors of the BSD Design and Implementation book you have on your bookshelf if you know anything with operating systems) has just committed a new FAST_IPSEC implementation to the FreeBSD 5.x source tree. It's a merge of the KAME IPsec implementation and the OpenBSD hardware crypto accelerated IPsec implementation. You can read the commit message here."

62 comments

  1. FreeS/WAN and Linux by FattMattP · · Score: 0, Offtopic

    When the hell is FreeS/WAN going to be merged into Linux?

    --
    Prevent email address forgery. Publish SPF records for y
    1. Re:FreeS/WAN and Linux by Anonymous Coward · · Score: 0

      And this has what to do with the BSD section?

      Moderators on crack.

    2. Re:FreeS/WAN and Linux by Anonymous Coward · · Score: 0

      And this has what to do with the BSD section?

      Fuck all, but this is slashdot, and he mentioned linux in a post that could possibly be seen to vaguely relate to the topic in a tangential manner...

      Moderators on crack.

      Or on Linux. What were you expecting, here?

    3. Re:FreeS/WAN and Linux by Anonymous Coward · · Score: 0

      Or on Linux. What were you expecting, here?

      proper punctuation, here.

    4. Re:FreeS/WAN and Linux by Anonymous Coward · · Score: 0

      proper punctuation, here.

      Eh? Further elaboration, please. Were you complaining about it, or just making an observation?

    5. Re:FreeS/WAN and Linux by Secure42 · · Score: 1, Offtopic

      Probably not soon, i think they are avoiding to add it to Linux Kernel to avoid some problems with cryptographic restrictions in some countries. Anyway most distributions include it in their kernels.

    6. Re:FreeS/WAN and Linux by FattMattP · · Score: 1

      Then maybe the Linux kernel needs to move outside of the US.

      --
      Prevent email address forgery. Publish SPF records for y
    7. Re:FreeS/WAN and Linux by Anonymous Coward · · Score: 0, Offtopic

      According to recent posts on LKML, it's rather unlikely that FreeS/WAN will be merged. Much more likely, it will be something DaveM and Alexy? cook up, borrowing heavily from the USAGI IPV6 implementation. This may even include hooks for hardware acceleration.

      FreeS/WAN's various 'tudes pretty much marginalized them, but, FWIW, at least one of the core team is supportive of the current effort.

    8. Re:FreeS/WAN and Linux by Anonymous Coward · · Score: 0

      FreeS/WAN will not come to vanilla Linux.
      Various kernel hackers will make a new one based on the ipsec at the USAGI(ipv6) project.

    9. Re:FreeS/WAN and Linux by peter · · Score: 2

      The US isn't a problem for crypto anymore. You just send an email to the gov't to tell them about your program that uses crypto. (haha suckers, Canadian's don't have to do lame stuff like that :) There are still other countries where crypto is a problem, though.

      --
      #define X(x,y) x##y
      Peter Cordes ; e-mail: X(peter@cordes , .ca)
  2. This is excellent news! by Anonymous Coward · · Score: 0

    Thanks to this, there is now NO REASON to install OpenBSD! Good thing I never bothered!

    Seriously though, this is good, because it's one more feature.

    1. Re:This is excellent news! by Anonymous Coward · · Score: 0

      Get a clue dipshit!

    2. Re:This is excellent news! by Anonymous Coward · · Score: 0

      I have a clue.
      Why I should use FreeBSD instead of OpenBSD:
      -It's well maintained
      -It's got up-to-date features
      -People outside of Calgary actually use it
      -It actually runs on today's hardware!

    3. Re:This is excellent news! by Anonymous Coward · · Score: 0

      Last time I checked, Sweden is not in Calgary.

    4. Re:This is excellent news! by peter · · Score: 2

      > > Last time I checked, Sweden is not in Calgary.

      > Thats affirmative. It is, however, in Canada you fucktard. I'm assuming that you're an American because you are geographically retarded.

      Nope, sorry, Sweden is not in Canada. Calgary is a city in western Canada, and Sweden is a nordic country. Apparently someone in Sweden uses OpenBSD, and is running on too little sleep.

      --
      #define X(x,y) x##y
      Peter Cordes ; e-mail: X(peter@cordes , .ca)
  3. Re:Nope by Anonymous Coward · · Score: 0

    Yeah -- tried a few other methods as well. It's only a little Linux Penguin image -- no reason for the mods to get so radged. Just wondering if there's a way to share binary files over Slashdot.

    Any ideas?

  4. Re:The End of FreeBSD by Anonymous Coward · · Score: 0

    Same here, great idea!

    Thx to the original poster. If all goes well, I'll be switching a lot of Linux boxes to BSD.

  5. ( Read More... | 2 of 34 comments ) by Anonymous Coward · · Score: 0

    Jeesh... Only two comments will be archived from this? Yeah, the trolls always have a go at BSD articles, but it's a bit worrying that there's hardly any discussion.

    I like FreeBSD in particular, but is this a sign that it really is dying?

    1. Re:( Read More... | 2 of 34 comments ) by Anonymous Coward · · Score: 0

      "He's not quite dead." These trolls like to spend all their time shouting down any BSD enthusiast who dares post on their website. Unfortunately, they get modded down to something more closely resembling their IQ's. It's pathetic. As far as I can make out, their aim is to fool people into believing that there is no viable alternative to Linux when the truth is that there have been quite a few for a long time --longer than Linux has been around in fact. This sort of social engineering is usually attributed to those big, vilified PR operations run by the likes of Microsoft. Is this what people call the "free" software movement? Dude, visit one of the BSD websites, read the install directions, try one version out, and draw your own conclusions for a change.

  6. Cool! by CoolVibe · · Score: 2
    Heck, I might actually have a use for this. Only if CURRENT were a little more stable.

    I certainly can't wait until this get's MFC'd.

    1. Re:Cool! by Anonymous Coward · · Score: 1, Funny

      You mean, "only if -CURRENT were a little more
      -STABLE." HAHA.

    2. Re:Cool! by essdodson · · Score: 1

      Kernel panic for two weeks now. :(

      Hopefully things will shape up as -CURRENT has gone into feature freeze and will soon go into code freeze in preperation for 5.0 Release, but don't expect 5.0 to be too stable.

      --
      scott
    3. Re:Cool! by Anonymous Coward · · Score: 1, Informative

      Compiles fine on my machine. The trick is to keep up with the mail lists for CURRENT and /usr/src/UPDATING.

  7. No, not really by Anonymous Coward · · Score: 0

    It's a sign that Slashdot is just about Linux and the GPL (sorry: GNU/Linux, GNU/GPL. I'm really GNU/sorry about that GNU/mixup). BSD just isn't as popular, but who cares, it gets the job done very nicely where I use it.

  8. Re:Dealing with the loss of FreeBSD by ethereal · · Score: 0, Flamebait

    Say it with me: char-nel house. charnel house. Stick to the script next time.

    --

    Your right to not believe: Americans United for Separation of Church and

  9. Things preventing me from using FreeBSD: by Anonymous Coward · · Score: 1, Interesting

    Although I'm well impressed with the development methodology and stability of FreeBSD, I'm tied to using Linux on my desktop right now because of the following four things. I know this is quite OT, but I've tried other places for questions...

    1) USB joypad support. Apparently non-existant, although I see some references to it in ports like BZFlag. FreeBSD USB page claims support may come in the future.

    2) Hardware 3D. Work is ongoing here, but right now it's a bit of a messy job and I'm hoping it will be fully in the kernel with 5.0.

    3) Sound -- Linux gives me two /dev/dsp[0,1] devices, but AFAICT FreeBSD only has one. Yeah, I know I can use something like EsoundD, but it'd be nicer to have it this way. Any clues?

    4) /bin/cp. Yeah, strange, but I tried to copy a large number of MP3 files from a backup CD onto my FreeBSD installation, but its cp died with "too many files" or the like. Had to "cp a* b* c*", then "d* e* f*" -- shame the GNU tools can do this without hassle.

    So, this probably deserves no mod points, but if anyone has any info here (should be clear that I've done some research!), please let me know.

    1. Re:Things preventing me from using FreeBSD: by vadim_t · · Score: 2, Informative
      I never used FreeBSD, but your /bin/cp problem is simple: you're bumping into the command line length limit. It exists in Linux too, although from what you say it's larger. Just work around it, for example:
      find . -exec cp {} /mp3 ';'
    2. Re:Things preventing me from using FreeBSD: by Anonymous Coward · · Score: 0

      Thanks vadim_t, will give that a try when I next install FreeBSD. Yeah, the length is larger in GNU fileutils, but maybe I'll have to have a look at the FreeBSD code...

    3. Re:Things preventing me from using FreeBSD: by Anonymous Coward · · Score: 1, Informative

      For my SB Live card I get a bunch of devices for the different channels/mixers. Take a look inside /dev/MAKEDEV :) You'll figure it out.

    4. Re:Things preventing me from using FreeBSD: by Anonymous Coward · · Score: 1, Informative

      It has nothing to do with GNU tools; it's a kernel limit, ARGS_MAX. You are limited to 65536 bytes of arguments (including the NUL at the end of each arg string). If you built GNU cp on FreeBSD (you can, you know) you'd see the exact same limit.

      You could try rebuilding the kernel with a larger ARGS_MAX, but if you want a general solution (i.e. one that's entirely unlimited) it's best to look into solutions such as a "find" and "xargs" pipeline. (Invoking cp for each file, as the grandparent post suggests, is going to be pretty inefficient.)

    5. Re:Things preventing me from using FreeBSD: by Anonymous Coward · · Score: 0

      Aha, I see! Thanks. I'll try changing the kernel limit next time I rebuild, or give the other ideas a shot if it's not wise to tweak that. Don't know if xargs will help though as that appears to just rearrange the arguments to cp.

      Ta again.

  10. Re:The End of FreeBSD by cookd · · Score: 1

    Although most definitely off-topic, I'm glad this was posted. I've been wondering why FreeBSD has been having such a hard time, and this seems to give some decent reasons for it.

    I still think BSD has some great things going for it, and in a few ways it still kicks Linux butt. But Linux is moving faster, so those areas may get smaller and smaller if FreeBSD doesn't get back in gear.

    I've been using FreeBSD for 5 years now for various things. It was my desktop for a while, but now it is simply my preferred server platform. I don't know if there is any advantage to using it as opposed to Linux for my uses since I've never tried to replace it. But it has been great.

    Anyway, I suppose this post is off-topic, too. But I hope to see both FreeBSD and Linux continuing long into the future. Long live the non-UNIX Unices!

    --
    Time flies like an arrow. Fruit flies like a banana.
  11. Re:The End of FreeBSD by Anonymous Coward · · Score: 0

    Have you ever touched a system running BSD, much less installed one? How then do you arrive at the conclusion that you know what you're talking about?

  12. Re:The End of FreeBSD by cookd · · Score: 1
    Hmm, troll. Heh. Cool.
    • Ever touched a system running BSD: yes.
    • Installed a system running BSD: yes.
    • Screw up my system upgrading from 2.(something) to 3.0 without reading the directions: yes.
    • Purchase the FreeBSD handbook at Comdex '97: yes
    • Run an Apache/PHP server on FreeBSD to serve a community web site: yes
    • Very proud that my old 486 box only crashed twice while serving said web site (once when the hard drive crashed, once when the water main in the host building broke): yes
    • Currently using it as my apartment's router, gateway, file server, and resident UNIX box (everybody needs a UNIX box in their apartment!): yes
    • Version currently in use: Somewhere around 4.5.STABLE
    I apologize for feeding the trolls. I really should know better.
    --
    Time flies like an arrow. Fruit flies like a banana.
  13. Re:attitude, attitude, attitude (pick any three) by Anonymous Coward · · Score: 0

    I suppose this means that those of us who don't have this book on our bookshelves don't know anything with operating systems, eh?

    You got it! This text is required reading if you're going to hack on any kernel, BSD or otherwise.

  14. Use tar by bastard42 · · Score: 1

    tar cf - .|(cd /mp3 && tar xvpf -)

    It keeps permissions as well. You can even throw in a ssh and copy things over to another machine i.e.:

    tar cf -|ssh -C machinename tar xvpf -

    or

    tar cf -|gzip -c|ssh machinename 'cd /mp3 && gzip -dc|tar xvpf -'

    Or throw in your favorite archive (cpio, pax) and compress (compress, bzip2) program

  15. Likely Never..... by Great+Malinko · · Score: 0

    Until the US relaxes its export laws on crypto.... So yea, I would have to say it will Never ever happen in mine or your lifetime.