From owner-freebsd-net@FreeBSD.ORG Wed Oct 12 03:18:46 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 819ED16A41F for ; Wed, 12 Oct 2005 03:18:46 +0000 (GMT) (envelope-from mike@sentex.net) Received: from smarthost2.sentex.ca (smarthost2.sentex.ca [205.211.164.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0F0F943D45 for ; Wed, 12 Oct 2005 03:18:45 +0000 (GMT) (envelope-from mike@sentex.net) Received: from BLUELAPIS.sentex.ca (cage.simianscience.com [64.7.134.1]) by smarthost2.sentex.ca (8.13.4/8.13.4) with SMTP id j9C3Iib4009820; Tue, 11 Oct 2005 23:18:44 -0400 (EDT) (envelope-from mike@sentex.net) From: Mike Tancsa To: Oliver Fromme Date: Tue, 11 Oct 2005 23:18:49 -0400 Message-ID: <7hnok1p8bnvjrdps7273k20d0fi8ia8jkj@4ax.com> References: <05kfk11pk1o960o0bro2lr7d7jhi5l28et@4ax.com> <200510110914.j9B9Elct092758@lurza.secnetix.de> In-Reply-To: <200510110914.j9B9Elct092758@lurza.secnetix.de> X-Mailer: Forte Agent 1.93/32.576 English (American) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 2.51 on 205.211.164.50 Cc: freebsd-net@freebsd.org Subject: Re: VIA VT6103 support (VIA EPIA PD) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Oct 2005 03:18:46 -0000 On Tue, 11 Oct 2005 11:14:47 +0200 (CEST), in sentex.lists.freebsd.net you wrote: >Mike Tancsa wrote: > > [ Oliver Fromme wrote: ] > > > It has survived several buildworlds and network activity > > > without any problems. It's now running today's 6.0-BETA5. > > > Here's a copy of dmesg, if someone's interested: > > >=20 > > > http://www.secnetix.de/~olli/dmesg/epia.6.0-BETA5.txt > >=20 > > IF you use FAST_IPSEC, load the padlock.,ko as it makes a nice speed > > boost! Also, you will need to use the patch in > > http://www.freebsd.org/cgi/query-pr.cgi?pr=3Di386/86598 > > otherwise you will get the odd SSH problem when using AES > >Sounds cool! I'll give that a try this weekend. >Thanks for the hint. > >However, don't quite understand how things work together. >Is the padlock.ko module used by IPSec only? Or is it >used by OpenSSL, too? Do I have to recompile OpenSSL with >special options? Padlock.ko works with the FreeBSD CryptoDev framework. So things like geil(8) will make use of it as well as anything that uses the cryptodev framework (e.g. FAST_IPSEC). See the docs on cryptodev for more info > >I assume that only AES is supported by the hardware, right? Correct. Not all Via's support it either. The ACE in the CPU features tells you that yours does. >So I have to set up my /etc/ssh/ssh_config to use aes128_cbc >as the first entry in the "Ciphers" line, right? (I've set >it to blowfish by default, because it's faster than aes, >but that's without hardware support, of course.) Yes > >Oh, by the way: What would be an appropriate CPUTYPE for Generally, I have not set it as I have been burned in the past for generally little benefit. >/etc/make.conf for the C3 Nehemiah processor? Currently I >don't set any CPUTYPE at all, but I wonder if there's a >setting for more efficient code generation. According to >the processor information ... > >CPU: VIA C3 Nehemiah+RNG+ACE (1002.28-MHz 686-class CPU) > Origin =3D "CentaurHauls" Id =3D 0x698 Stepping =3D 8 > = Features=3D0x381b83f > >.. it supports MMX and SSE, so CPUTYPE=3D"pentium3" should >work, I think. But I'm not sure. > >Best regards > Oliver -------------------------------------------------------- Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 mike@sentex.net, (http://www.tancsa.com)