From owner-freebsd-security Sun Jun 24 8:49: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 166B937B405; Sun, 24 Jun 2001 08:48:56 -0700 (PDT) (envelope-from des@ofug.org) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id RAA82575; Sun, 24 Jun 2001 17:48:48 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Soren Kristensen Cc: hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Status of encryption hardware support in FreeBSD References: <3B33A891.EC712701@soekris.com> From: Dag-Erling Smorgrav Date: 24 Jun 2001 17:48:47 +0200 In-Reply-To: <3B33A891.EC712701@soekris.com> Message-ID: Lines: 27 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Soren Kristensen writes: > As I now has prototypes avaliable of low cost PCI and MiniPCI boards, > moving to production in a couple of weeks, I would like to check up on > the work, as I would really like to see FreeBSD support. The boards are > now supported in OpenBSD 2.9. OK, so if I understand correctly, the encryption hardware in question offers a high-speed hardware implementation of the encryption algorithms used by IPSec, so it's a matter of a) having support code that interfaces with the hardware, possibly with a device interface to allow userland apps access to the encryption hardware and b) making our (well, KAME's) IPSec code use that instead of doing the encryption in software. Is that it, or did I misunderstand something? Now, if you want FreeBSD support for your hardware, all you have to do is find a willing developer , send him a sample board (or preferably two, for a full circuit, but one will do) with complete documentation and any additional resources you are willing and able to provide, and then wait a bit. Simply asking for someone to port the OpenBSD driver will not do - OpenBSD and FreeBSD are not very similar at the kernel level, and as others have stated before in a different context, driver source does not constitute adequate documentation. It helps, but it's neither sufficient nor necessary. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message