FreeBSD Gets 'Fast IPsec' Implementation

← Back to Stories (view on slashdot.org)

FreeBSD Gets 'Fast IPsec' Implementation

Posted by michael on Tuesday October 22, 2002 @06:50AM from the better,-faster:-pick-any-two dept.

An anonymous reader writes "Sam Leffler (yes, one of the authors of the BSD Design and Implementation book you have on your bookshelf if you know anything with operating systems) has just committed a new FAST_IPSEC implementation to the FreeBSD 5.x source tree. It's a merge of the KAME IPsec implementation and the OpenBSD hardware crypto accelerated IPsec implementation. You can read the commit message here."

15 of 62 comments (clear)

Min score:

Reason:

Sort:

Re:FreeS/WAN and Linux by Secure42 · 2002-10-22 12:11 · Score: 1, Offtopic

Probably not soon, i think they are avoiding to add it to Linux Kernel to avoid some problems with cryptographic restrictions in some countries. Anyway most distributions include it in their kernels.
Re:FreeS/WAN and Linux by FattMattP · 2002-10-22 14:02 · Score: 1

Then maybe the Linux kernel needs to move outside of the US.

--
Prevent email address forgery. Publish SPF records for y
Cool! by CoolVibe · 2002-10-24 04:15 · Score: 2

Heck, I might actually have a use for this. Only if CURRENT were a little more stable.
I certainly can't wait until this get's MFC'd.
1. Re:Cool! by Anonymous Coward · 2002-10-24 05:06 · Score: 1, Funny
  
  You mean, "only if -CURRENT were a little more
  -STABLE." HAHA.
2. Re:Cool! by essdodson · 2002-10-25 03:17 · Score: 1
  
  Kernel panic for two weeks now. :(
  
  Hopefully things will shape up as -CURRENT has gone into feature freeze and will soon go into code freeze in preperation for 5.0 Release, but don't expect 5.0 to be too stable.
  
  --
  scott
3. Re:Cool! by Anonymous Coward · 2002-10-28 16:42 · Score: 1, Informative
  
  Compiles fine on my machine. The trick is to keep up with the mail lists for CURRENT and /usr/src/UPDATING.
Things preventing me from using FreeBSD: by Anonymous Coward · 2002-10-24 10:34 · Score: 1, Interesting

Although I'm well impressed with the development methodology and stability of FreeBSD, I'm tied to using Linux on my desktop right now because of the following four things. I know this is quite OT, but I've tried other places for questions...

1) USB joypad support. Apparently non-existant, although I see some references to it in ports like BZFlag. FreeBSD USB page claims support may come in the future.

2) Hardware 3D. Work is ongoing here, but right now it's a bit of a messy job and I'm hoping it will be fully in the kernel with 5.0.

3) Sound -- Linux gives me two /dev/dsp[0,1] devices, but AFAICT FreeBSD only has one. Yeah, I know I can use something like EsoundD, but it'd be nicer to have it this way. Any clues?

4) /bin/cp. Yeah, strange, but I tried to copy a large number of MP3 files from a backup CD onto my FreeBSD installation, but its cp died with "too many files" or the like. Had to "cp a* b* c*", then "d* e* f*" -- shame the GNU tools can do this without hassle.

So, this probably deserves no mod points, but if anyone has any info here (should be clear that I've done some research!), please let me know.
1. Re:Things preventing me from using FreeBSD: by vadim_t · 2002-10-26 14:28 · Score: 2, Informative
  
  I never used FreeBSD, but your /bin/cp problem is simple: you're bumping into the command line length limit. It exists in Linux too, although from what you say it's larger. Just work around it, for example:
  find . -exec cp {} /mp3 ';'
2. Re:Things preventing me from using FreeBSD: by Anonymous Coward · 2002-10-27 00:52 · Score: 1, Informative
  
  For my SB Live card I get a bunch of devices for the different channels/mixers. Take a look inside /dev/MAKEDEV :) You'll figure it out.
3. Re:Things preventing me from using FreeBSD: by Anonymous Coward · 2002-10-27 06:51 · Score: 1, Informative
  
  It has nothing to do with GNU tools; it's a kernel limit, ARGS_MAX. You are limited to 65536 bytes of arguments (including the NUL at the end of each arg string). If you built GNU cp on FreeBSD (you can, you know) you'd see the exact same limit.
  
  You could try rebuilding the kernel with a larger ARGS_MAX, but if you want a general solution (i.e. one that's entirely unlimited) it's best to look into solutions such as a "find" and "xargs" pipeline. (Invoking cp for each file, as the grandparent post suggests, is going to be pretty inefficient.)
Re:The End of FreeBSD by cookd · 2002-10-28 01:08 · Score: 1

Although most definitely off-topic, I'm glad this was posted. I've been wondering why FreeBSD has been having such a hard time, and this seems to give some decent reasons for it.

I still think BSD has some great things going for it, and in a few ways it still kicks Linux butt. But Linux is moving faster, so those areas may get smaller and smaller if FreeBSD doesn't get back in gear.

I've been using FreeBSD for 5 years now for various things. It was my desktop for a while, but now it is simply my preferred server platform. I don't know if there is any advantage to using it as opposed to Linux for my uses since I've never tried to replace it. But it has been great.

Anyway, I suppose this post is off-topic, too. But I hope to see both FreeBSD and Linux continuing long into the future. Long live the non-UNIX Unices!

--
Time flies like an arrow. Fruit flies like a banana.
Re:The End of FreeBSD by cookd · 2002-10-28 17:29 · Score: 1
Hmm, troll. Heh. Cool.
- Ever touched a system running BSD: yes.
- Installed a system running BSD: yes.
- Screw up my system upgrading from 2.(something) to 3.0 without reading the directions: yes.
- Purchase the FreeBSD handbook at Comdex '97: yes
- Run an Apache/PHP server on FreeBSD to serve a community web site: yes
- Very proud that my old 486 box only crashed twice while serving said web site (once when the hard drive crashed, once when the water main in the host building broke): yes
- Currently using it as my apartment's router, gateway, file server, and resident UNIX box (everybody needs a UNIX box in their apartment!): yes
- Version currently in use: Somewhere around 4.5.STABLE
I apologize for feeding the trolls. I really should know better.
--
Time flies like an arrow. Fruit flies like a banana.
Re:FreeS/WAN and Linux by peter · 2002-10-29 16:19 · Score: 2

The US isn't a problem for crypto anymore. You just send an email to the gov't to tell them about your program that uses crypto. (haha suckers, Canadian's don't have to do lame stuff like that :) There are still other countries where crypto is a problem, though.

--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@cordes , .ca)
Re:This is excellent news! by peter · 2002-10-29 16:28 · Score: 2

> > Last time I checked, Sweden is not in Calgary.

> Thats affirmative. It is, however, in Canada you fucktard. I'm assuming that you're an American because you are geographically retarded.

Nope, sorry, Sweden is not in Canada. Calgary is a city in western Canada, and Sweden is a nordic country. Apparently someone in Sweden uses OpenBSD, and is running on too little sleep.

--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@cordes , .ca)
Use tar by bastard42 · 2002-10-30 10:26 · Score: 1

tar cf - .|(cd /mp3 && tar xvpf -)

It keeps permissions as well. You can even throw in a ssh and copy things over to another machine i.e.:

tar cf -|ssh -C machinename tar xvpf -

or

tar cf -|gzip -c|ssh machinename 'cd /mp3 && gzip -dc|tar xvpf -'

Or throw in your favorite archive (cpio, pax) and compress (compress, bzip2) program