Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 09 Jul 2008 15:31:30 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        Patrick =?iso-8859-1?Q?Lamaizi=E8re?= <patfbsd@davenulle.org>, freebsd-stable@freebsd.org
Subject:   Re: AMD Geode LX crypto accelerator (glxsb)
Message-ID:  <200807091931.m69JVWej032290@lava.sentex.ca>
In-Reply-To: <20080622170507.5ac469d2@baby-jane-lamaiziere-net.local>
References:  <20080606234135.46144207@baby-jane-lamaiziere-net.local> <20080622170507.5ac469d2@baby-jane-lamaiziere-net.local>
index | next in thread | previous in thread | raw e-mail 

At 11:05 AM 6/22/2008, Patrick Lamaizière wrote:
>Le Fri, 6 Jun 2008 23:41:35 +0200,
>Patrick Lamaizière <patfbsd@davenulle.org> a écrit :
>
>Hello,
>
> > I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
> > (via the NetBSD port).
> > " The glxsb driver supports the security block of the Geode LX
> > series processors.  The Geode LX is a member of the AMD Geode family
> > of integrated x86 system chips.

Hi,
         Thanks for porting this over!  I am just 
trying it now with ipsec on a soekris 5501

Without the module loaded, I can do something simple like


# sh s
# cat s
MEOUTSIDE=64.x.x.x
MEINSIDE=192.168.5.0/24
REMOTEOUTSIDE=64.y.y.y
REMOTEINSIDE=192.168.1.0/24
IPSECKEY=zxzpprlNH61N11SGfrCa8dxZ


setkey -c <<EOF
         add $MEOUTSIDE $REMOTEOUTSIDE esp 1049 
-m any -E rijndael-cbc  "$IPSECKEY";
         add $REMOTEOUTSIDE $MEOUTSIDE esp 1049 
-m any -E rijndael-cbc  "$IPSECKEY";
         spdadd $MEINSIDE $REMOTEINSIDE any -P 
out ipsec esp/tunnel/$MEOUTSIDE-$REMOTEOUTSIDE/require;
         spdadd $REMOTEINSIDE $MEINSIDE any -P 
in  ipsec esp/tunnel/$REMOTEOUTSIDE-$MEOUTSIDE/require;
EOF


But if I load the glxsb modules, setkey fails on the same policy.

# setkey -F
# setkey -FP
# setkey -DP
No SPD entries.
# kldload glxsb
# dmesg | tail
vr0: link state changed to DOWN
vr0: link state changed to UP
vr0: promiscuous mode enabled
vr0: promiscuous mode disabled
vr1: promiscuous mode enabled
vr1: promiscuous mode disabled
vr1: promiscuous mode enabled
vr1: promiscuous mode disabled
glxsb0: detached
glxsb0: <AMD Geode LX Security Block 
(AES-128-CBC,RNG)> mem 0xa0000000-0xa0003fff irq 10 at device 1.2 on pci0
# sh s
The result of line 1: Invalid argument.
The result of line 2: Invalid argument.
#

What is the proper AES encryption to use for 
IPSEC ? Why is there a difference in syntax 
?  This is RELENG_7 from a few days ago. If I 
change the crypto to 3des-cbc, it works, but its 
not making use of the crypto offload of course.

         ---Mike
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807091931.m69JVWej032290>