FAST_IPSEC headers (with declarations of stats structures) in
userspace code. I haven't checked for strict POSIX conformance, but
Sam Leffler's FreeBS `ipsecstats' tool will now compile, if you
manually make and populate usr/include/sys/netipsec.
Committed as-is for Andrew Brown to check more of the sys/netipsec sysctls.
Kanaoka. I've been sitting on this code for 3 years, and have not done
anything better with it. It is ugly, it needs to be handled better, but
it is better to have it #ifdef'ed out rather than nothing.
Michael Eriksson posted to port-i386 on 20031102, with various
modifications by me to work in the new sysctl(9) framework.
The code is enabled with 'options ENHANCED_SPEEDSTEP', and if
the CPU supports EST the following sysctl(8) nodes appear
(with the values that a Dell Inspiron 8600 + WUXGA with a
1.4GHz Pentium M CPU supports):
machdep.est.cpu_brand = Intel(R) Pentium(R) M processor 1400MHz
machdep.est.frequency.target = 1400
machdep.est.frequency.current = 1400
machdep.est.frequency.available = 1400 1200 1000 800 600
If EST support isn't available, the "machdep.est" sysctl sub-MIB
is not created.
Once we have a more general "CPU frequency" control API we can
migrate this code to using that.
Thanks to Michael Erikkson for providing this code!
written by Michael Eriksson and posted to port-i386 on 20031102.
(This is the driver "as is" - I'll commit the code to integrate it
into -current separately)
#1. Fix an off-by-one error in sysctl_net_key_dumpsa(), which was
passing sysctl argument name[1] to a helper. According to Andrew
Brown's revised dynamic sysctl schmea, it must instead pass name[0].
2. There is a naming glitch in using sysctl() for setkey(8): setkey
queries the same sysctl MIB numbers to dump IPsec database state,
irrepesctive of the underlying IPsec is KAME or FAST_IPSEC.
For this to work as expected, sys/netipsec must export net.key.dumpsa
and net.key.dumpsp via the identical MIB numbers used by sys/netkey.
``Make it so''. For now, renumber the sys/netipsec/key.c nodes;
post-2.0 we can use sysctl aliases.
3. For as-yet-unexplained reasons, the PF_KEY_V2 nodes are never
shown (or queried?) by sysctl(8). For 2.0, I am following an earlier
suggestion from Andrew Brown, and renumbering allthe FAST_IPSEC sysctl
nodes to appear under net.key at MIB number { CTL_NET, PF_KEY }. Since
the renumbering may change, the renumbering is done via a level of
indirection in the C preprocessor.
The nett result is that setkey(8) can find the nodes it needs for
setkey -D and setkey -PD: and that sysctl(8) finds all the FAST_IPSEC
sysctl nodes relatedy to IPsec keying, under net.key. Andrew Brown
has reviewed this patch and tentatively approved the changes, though
we may rework some of the changes in -current in the near future.
review, proofing, and bug-fixing by Thomas Klausner (wiz):
1. add hifn(40 and ubsec(4) to share/man/man4/Makefile and the distrib set lists.
2. Restore commented-out cross-references to hifn(40 and ubsec(4) in crypto(4).
No change made to hifn.4 or ubsec.4; commit forced for cross-reference
and for pullup-request purposes.
kernel and ran for a day or so. There are still some caddr_t types in
the arguments of some calls, I will do those separately (later) as
they touch a lot more of the system.
Approved by christos@NetBSD.org.
will be hardware-accelerated. Avoids copyin()/copyout() overhead and
spending exceessive tie inside the kernel.
Pullup after: 24 hours, or confirmation by Jason Thorpe that this is the
consensus tech-kern agreed upon last summer.
