From owner-freebsd-stable@FreeBSD.ORG Tue Mar 10 04:32:39 2009 Return-Path: Delivered-To: stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A57F5106564A for ; Tue, 10 Mar 2009 04:32:39 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.231]) by mx1.freebsd.org (Postfix) with ESMTP id 6FBAB8FC1B for ; Tue, 10 Mar 2009 04:32:39 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: by rv-out-0506.google.com with SMTP id f6so2181652rvb.43 for ; Mon, 09 Mar 2009 21:32:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:received:from:date:to:cc :subject:message-id:reply-to:references:mime-version:content-type :content-disposition:in-reply-to:user-agent; bh=AYCZHzSkjhRUAuv5OSj5/ZQICoxHOVNF52UCb8Km5Mw=; b=p4AfsZe3QdJYUY9pHWWnWS+jU7ykzjjRdqr90lep9OuO/MOYkULQUWiK7OTFZkgixy OtUCGrR3tPoKi+dcNZgPlYnmFUNu6mQb1Z6Z3DEiaR4lzSn8TnA94M4FFSfTbo25dQev mRwKPg9kekWzDG4J5EOSJn08dkdbsD1lbbLto= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:date:to:cc:subject:message-id:reply-to:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=VNDE92MjpDFlPKSv4zt/pFTGoL9sOMK4/xqdOvXMVBnYtW98oFKMI+PGkplDMdw3Bj msd6tsziKnptxgoZeriB3LALmCycFwNQ7v7Hi1Ykq/4mzKHnVcys9Tb0hTI+gofZBpkV 1MLDsqAQAWKLg2nx9yVAmRsZhADt6vGX5wTo8= Received: by 10.141.116.16 with SMTP id t16mr3479173rvm.280.1236659558944; Mon, 09 Mar 2009 21:32:38 -0700 (PDT) Received: from michelle.cdnetworks.co.kr ([114.111.62.249]) by mx.google.com with ESMTPS id l31sm17229302rvb.5.2009.03.09.21.32.36 (version=SSLv3 cipher=RC4-MD5); Mon, 09 Mar 2009 21:32:37 -0700 (PDT) Received: by michelle.cdnetworks.co.kr (sSMTP sendmail emulation); Tue, 10 Mar 2009 13:30:59 +0900 From: Pyun YongHyeon Date: Tue, 10 Mar 2009 13:30:59 +0900 To: Bruce Simpson Message-ID: <20090310043059.GC9482@michelle.cdnetworks.co.kr> References: <49B1AC25.3000700@onetel.com> <27998819.871236382003017.JavaMail.HALO$@halo> <1d001f850903061814k2577f3ccs94be86bcc87b9efd@mail.gmail.com> <49B38AEF.8070909@beatsnet.com> <20090308093653.GD1531@michelle.cdnetworks.co.kr> <49B3FAA3.9010302@beatsnet.com> <20090309000610.GA5039@michelle.cdnetworks.co.kr> <49B538BC.3080108@incunabulum.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <49B538BC.3080108@incunabulum.net> User-Agent: Mutt/1.4.2.3i Cc: stable@freebsd.org, Beat Siegenthaler Subject: Re: fxp unusable after make world X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pyunyh@gmail.com List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Mar 2009 04:32:40 -0000 On Mon, Mar 09, 2009 at 03:41:48PM +0000, Bruce Simpson wrote: > Pyun YongHyeon wrote: > >Your controller looks like i82550. 82550/82551 has nice hardware > >cryptographic capability for IPSec acceleration but it's not used > >at all under FreeBSD. Intel's open source developer manual didn't > >even mention the existence of cryptographic capability. > > > > I had a crack at this about 5-6 years ago. > > Now that the descriptor ring format is fairly well known for fxp, reverse > engineering is feasible, as the setup uses the normal NDIS hooks which > Microsoft added for offloading cryptographic operations. Those *are* > documented. > I don't think the descriptor format is well known for IPSec processing. Intel didn't even show VLAN related bit in 82550/82551 Rx descriptor format. What might be hard to know would be o what kind of acceleration is done by hardware and how to active specific features o how SAs are managed in hardware o errata information > Making it work is another matter entirely... AFAIK hardware supported by fxp(4) and txp(4) can offload IPSec processing. Sun's Cassini+ also seems to have rudimentary support for IPSec packets but I'm not sure how useful it is. Because I don't use IPSec at all I have no interests in IPSec acceleration at this moment. 3Com's Typhoon2 datasheet gives more information on IPSec acceleration so it would be easier to start with txp(4).