From owner-freebsd-net@FreeBSD.ORG Tue Oct 11 09:14:50 2005 Return-Path: X-Original-To: freebsd-net@FreeBSD.ORG Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2DD6E16A41F for ; Tue, 11 Oct 2005 09:14:50 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 69AD943D45 for ; Tue, 11 Oct 2005 09:14:49 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (jylqnu@localhost [127.0.0.1]) by lurza.secnetix.de (8.13.1/8.13.1) with ESMTP id j9B9ElXi092759 for ; Tue, 11 Oct 2005 11:14:48 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.13.1/8.13.1/Submit) id j9B9Elct092758; Tue, 11 Oct 2005 11:14:47 +0200 (CEST) (envelope-from olli) Date: Tue, 11 Oct 2005 11:14:47 +0200 (CEST) Message-Id: <200510110914.j9B9Elct092758@lurza.secnetix.de> From: Oliver Fromme To: freebsd-net@FreeBSD.ORG In-Reply-To: <05kfk11pk1o960o0bro2lr7d7jhi5l28et@4ax.com> X-Newsgroups: list.freebsd-net User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.11-RELEASE (i386)) Cc: Subject: Re: VIA VT6103 support (VIA EPIA PD) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-net@FreeBSD.ORG List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 09:14:50 -0000 Mike Tancsa wrote: > [ Oliver Fromme wrote: ] > > It has survived several buildworlds and network activity > > without any problems. It's now running today's 6.0-BETA5. > > Here's a copy of dmesg, if someone's interested: > > > > http://www.secnetix.de/~olli/dmesg/epia.6.0-BETA5.txt > > IF you use FAST_IPSEC, load the padlock.,ko as it makes a nice speed > boost! Also, you will need to use the patch in > http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/86598 > otherwise you will get the odd SSH problem when using AES Sounds cool! I'll give that a try this weekend. Thanks for the hint. However, don't quite understand how things work together. Is the padlock.ko module used by IPSec only? Or is it used by OpenSSL, too? Do I have to recompile OpenSSL with special options? I assume that only AES is supported by the hardware, right? So I have to set up my /etc/ssh/ssh_config to use aes128_cbc as the first entry in the "Ciphers" line, right? (I've set it to blowfish by default, because it's faster than aes, but that's without hardware support, of course.) Oh, by the way: What would be an appropriate CPUTYPE for /etc/make.conf for the C3 Nehemiah processor? Currently I don't set any CPUTYPE at all, but I wonder if there's a setting for more efficient code generation. According to the processor information ... CPU: VIA C3 Nehemiah+RNG+ACE (1002.28-MHz 686-class CPU) Origin = "CentaurHauls" Id = 0x698 Stepping = 8 Features=0x381b83f .. it supports MMX and SSE, so CPUTYPE="pentium3" should work, I think. But I'm not sure. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "If you aim the gun at your foot and pull the trigger, it's UNIX's job to ensure reliable delivery of the bullet to where you aimed the gun (in this case, Mr. Foot)." -- Terry Lambert, FreeBSD-hackers mailing list.