Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 24 Jun 2001 21:13:28 -0500 (CDT)
From:      Jonathan Lemon <jlemon@flugsvamp.com>
To:        soren@soekris.com, hackers@freebsd.org, jlemon@freebsd.org
Subject:   Re: Status of encryption hardware support in FreeBSD
Message-ID:  <200106250213.f5P2DS676781@prism.flugsvamp.com>
In-Reply-To: <local.mail.freebsd-hackers/3B363713.2849219@soekris.com>
References:  <local.mail.freebsd-hackers/3B33A891.EC712701@soekris.com> <local.mail.freebsd-hackers/xzpn16x7uao.fsf@flood.ping.uio.no> <local.mail.freebsd-hackers/20010624181007.C52432@mail.webmonster.de> <local.mail.freebsd-hackers/xzpd77t7st6.fsf@flood.ping.uio.no> <local.mail.freebsd-hackers/20010624183147.F52432@mail.webmonster.de> <local.mail.freebsd-hackers/xzpzoax6dfc.fsf@flood.ping.uio.no> <local.mail.freebsd-hackers/20010624201456.A57877@mail.webmonster.de>

next in thread | previous in thread | raw e-mail | index | archive | help
In article <local.mail.freebsd-hackers/3B363713.2849219@soekris.com> you write:
>Hi,
>
>Thanks for the responses so far. First, let me say that I'm a hardware
>guy, and don't know all the details of FreeBSD's network stack.
>
>There is two common kind of hardware encryption acceleration, and I
>think they're being mixed a little here.
>
>SSL is for secure web access, and the main need is for Public Key
>generating. This don't really have anything to do with the IP stack.
>Afaik, OpenSSL is more like a extension to the web server software.
>
>IPSec is for secure communication, and the main need is for symmetric
>data encryption, typically using 3-DES. This need to be closely
>integrated in the IP stack.
>
>The boards I'm doing now, is based on a Hi/fn 7951, with is designed for
>VPM routers doing IPSec. It's supported in OpenBSD 2.9.
>
>And btw, hardware beats software anytime. The fastest PC processor right
>now is about the same speed as the slowest hardware....
>
>The reason why I posted originally was the figure out who are working on
>these things, as I remember seing a post some time ago about work being
>done to import some of the IPSec work from OpenBSD.
>The Kame project people might be the ones to talk to, but isn't there a
>need for a FreeBSD specifec hardware driver anyway ?

Yes; the hardware will need a specific driver for the board.  Also,
the interface into the IP stack needs to be defined as well, this 
depends on what capabilities the board can provide.  ISTR that various
boards have different requirements from the stack, and one item that
I'm focusing on is to try to work out an approach that will work for
various chips on the market.

Hopefully, this can be done in much the same way as the TCP/UDP/IP hardware
checksum offload code that I did earlier.

As such, the more information I get about the the interfaces the hardware 
requires the better.  Of course, in order to write a driver for FreeBSD,
I'd need complete programming details as well.


>I will be happy to donate hardware to the FreeBSD project.

I'll contact you offline about this.
-- 
Jonathan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106250213.f5P2DS676781>