Date: Thu, 15 Apr 2004 10:51:48 -0400 From: andy@lewman.com To: Mike Tancsa <mike@sentex.net> Cc: security@freebsd.org Subject: Re: recommended SSL-friendly crypto accelerator Message-ID: <20040415145148.GA99338@phobos.osem.com> In-Reply-To: <6.0.3.0.0.20040414230754.07d7cf18@209.112.4.2> References: <20040408144322.GA83448@bewilderbeast.blackhelicopters.org> <26486.1081437513@critter.freebsd.dk> <20040413181943.GA55219@bewilderbeast.blackhelicopters.org> <20040415030319.GA71038@phobos.osem.com> <6.0.3.0.0.20040414230754.07d7cf18@209.112.4.2>
next in thread | previous in thread | raw e-mail | index | archive | help
Well, I have the vpn1411, 7955 based card. It appears to be recognized, and appears to do certain things with apache2-ssl, system openssh. hifnstats shows decent amounts of traffic through it (at least interrupts) however cryptokeytest doesn't work due to an unsupport call apparently. Here's my hifnstats: input 476104224 bytes 1527365 packets output 476104224 bytes 1527365 packets invalid 0 nomem 0 abort 0 noirq 0 unaligned 0 totbatch 0 maxbatch 0 nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 Since I can't run any test utils through the card, I can only assume this is from actual code running on the card. I'm running freebsd 4.9-stable. -Andrew On Wed, Apr 14, 2004 at 11:10:02PM -0400, mike@sentex.net wrote 2.5K bytes in 62 lines about: : : Someone with the time, knowledge and perhaps funding to fix it. It would be : nice too if someone with a Soekris 1401 or 7556 based card on FreeBSD or : OpenBSD could duplicate my results just to confirm its not a bad batch of 3 : cards that I have : : ---Mike : : At 11:03 PM 14/04/2004, andy@lewman.com wrote: : >Ok, so what exactly needs to be done to get full hifn support working in : >4.x/5.x? : > : >I seem to have lost the original train of thought here. : > : >-Andrew : > : >On Tue, Apr 13, 2004 at 02:19:43PM -0400, mwlucas@blackhelicopters.org : >wrote 1.5K bytes in 37 lines about: : >: On Thu, Apr 08, 2004 at 05:18:33PM +0200, Poul-Henning Kamp wrote: : >: > In message : ><20040408144322.GA83448@bewilderbeast.blackhelicopters.org>, "Michae : >: > l W. Lucas" writes: : >: > >On Thu, Apr 08, 2004 at 04:28:37PM +0200, Poul-Henning Kamp wrote: : >: > >> >>Look at VPN14x1 from www.soekris.com, it's darn cheap too. : >: > > : >: > >Thanks, phk! : >: > > : >: > >For $79, it's cheap enough that I could put a whole stack of them in a : >: > >machine. Can FreeBSD take advantage of multiple cards like that? : >: > : >: > I think so, but I am not sure the code currently does load-sharing : >: > or just "try to find a card which can do this job" sharing. : >: > : >: > Maybe sam@ would know, you should probably ask him. : >: : >: OK, for the record I asked sam@. He says that the VPN1401 has issues : >: for (at a minimum) symmetric crypto ops, but he hasn't had time to : >: investigate and doesn't own a 1401, so... : >: : >: He also says that he considers the Broadcom 582x is the best : >: accelerator available, except that it isn't available retail. :-( : >: : >: So, it looks like my choices are rapidly narrowing. It seems that the : >: powercrypt cards are well-supported, perhaps I'll give them a call. : >: : >: ==ml : >: : >: -- : >: Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org : >: "I'm sorry, but 'Social Darwinism' is no excuse for killing all of : >: your co-workers." -- Ivan Brunetti : >: http://www.BlackHelicopters.org/~mwlucas/ : >: _______________________________________________ : >: freebsd-security@freebsd.org mailing list : >: http://lists.freebsd.org/mailman/listinfo/freebsd-security : >: To unsubscribe, send any mail to : >"freebsd-security-unsubscribe@freebsd.org" : > : >-- : >_______________________________________________ : >freebsd-security@freebsd.org mailing list : >http://lists.freebsd.org/mailman/listinfo/freebsd-security : >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040415145148.GA99338>