From: "Sam Leffler"
Subject: status of hardware crypto support
Date: Wed, 3 Jul 2002 13:46:16 -0700
Organization: Errno Consulting
Message-ID: <05c801c222d2$ad797550$52557f42@errno.com>
Sender: owner-freebsd-arch@FreeBSD.ORG

This is a short note about the status of my work to port openbsd's support for hardware crypto devices to freebsd. I've had a patch available for -stable for a while that provides the openbsd kernel framework and a port of the device driver for various Hifn parts (e.g. 7751, 7951, 7811). In the past few weeks I've made major progress changing the KAME IPSEC code to use this framework, again in the style done by openbsd (using continuations to break up the input and output packet processing paths). At this point I have almost all aspects of IPv4-based IPSEC tested and working. There are some minor issues like support of the old-style AH protocol and keyed-MD5 and SHA1 AH algorithms, and I have yet to do any IPv6-based testing.

In addition to the IPSEC work I've been talking to various hardware vendors about support for their products in FreeBSD. I now have Hifn-based cards of various flavors, and a Broadcom card for testing. I'm supposed to receive more hardware in the near future. I will be porting drivers for each of these cards from openbsd.

Finally, I've been in touch with both openbsd and netbsd folks. My intent is to provide a common API for in-kernel and user-mode access to hardware crypto support. This will let everyone share application code (e.g. OpenSSL already done by openbsd) and reduce the effort required to port device drivers between the various systems.

All my work so far has been in -stable, but I hope to port the work to -current soon. A goal is to get the kernel crypto device framework into the 5.0 release. I've been in touch with the KAME folks and will continue to discuss my IPSEC mods with them.

My immediate work is to do performance analysis and tuning, and stress testing. Once I've completed that work I'll make the changes generally available.

Special thanks to Vernier Networks who has been supporting this work and to GTGI who has provided crypto hardware.

Sam