Date:      Wed, 09 Jul 2008 15:31:30 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        Patrick Lamaizière <patfbsd@davenulle.org>, freebsd-stable@freebsd.org
Subject:   Re: AMD Geode LX crypto accelerator (glxsb)
Message-ID:  <200807091931.m69JVWej032290@lava.sentex.ca>
In-Reply-To: <20080622170507.5ac469d2@baby-jane-lamaiziere-net.local>
References:  <20080606234135.46144207@baby-jane-lamaiziere-net.local> <20080622170507.5ac469d2@baby-jane-lamaiziere-net.local>

At 11:05 AM 6/22/2008, Patrick Lamaizière wrote:
>On Fri, 6 Jun 2008 23:41:35 +0200,
>Patrick Lamaizière <patfbsd@davenulle.org> wrote:
>
>Hello,
>
> > I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
> > (via the NetBSD port).
> > " The glxsb driver supports the security block of the Geode LX
> > series processors.  The Geode LX is a member of the AMD Geode family
> > of integrated x86 system chips.

Hi,
         Thanks for porting this over!  I am just trying it now with ipsec on a soekris 5501

Without the module loaded, I can do something simple like


# sh s
# cat s
MEOUTSIDE=64.x.x.x
MEINSIDE=192.168.5.0/24
REMOTEOUTSIDE=64.y.y.y
REMOTEINSIDE=192.168.1.0/24
IPSECKEY=zxzpprlNH61N11SGfrCa8dxZ


setkey -c <<EOF
         add $MEOUTSIDE $REMOTEOUTSIDE esp 1049 -m any -E rijndael-cbc  "$IPSECKEY";
         add $REMOTEOUTSIDE $MEOUTSIDE esp 1049 -m any -E rijndael-cbc  "$IPSECKEY";
         spdadd $MEINSIDE $REMOTEINSIDE any -P out ipsec esp/tunnel/$MEOUTSIDE-$REMOTEOUTSIDE/require;
         spdadd $REMOTEINSIDE $MEINSIDE any -P in  ipsec esp/tunnel/$REMOTEOUTSIDE-$MEOUTSIDE/require;
EOF


But if I load the glxsb modules, setkey fails on the same policy.

# setkey -F
# setkey -FP
# setkey -DP
No SPD entries.
# kldload glxsb
# dmesg | tail
vr0: link state changed to DOWN
vr0: link state changed to UP
vr0: promiscuous mode enabled
vr0: promiscuous mode disabled
vr1: promiscuous mode enabled
vr1: promiscuous mode disabled
vr1: promiscuous mode enabled
vr1: promiscuous mode disabled
glxsb0: detached
glxsb0: <AMD Geode LX Security Block (AES-128-CBC,RNG)> mem 0xa0000000-0xa0003fff irq 10 at device 1.2 on pci0
# sh s
The result of line 1: Invalid argument.
The result of line 2: Invalid argument.
#

What is the proper AES encryption to use for IPSEC? Why is there a difference in syntax?  This is RELENG_7 from a few days ago. If I change the crypto to 3des-cbc, it works, but it's not making use of the crypto offload of course.

         ---Mike
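
An added example, not part of the original message: setkey's rijndael-cbc takes the AES key size from the length of the key it is given, while the dmesg line above shows the device advertising AES-128-CBC, so this sketch reports the key size each rijndael-cbc SA implies and flags any that is not 128 bits. The function names, addresses and keys are constructed for illustration, and quoted keys are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example, not from the original message.
# Constructed sample of what the here-document feeds to "setkey -c" once the
# shell has expanded the variables. Addresses and keys are made up.
sample_setkey_input() {
    cat <<'EOF'
add 192.0.2.1 198.51.100.1 esp 1049 -m any -E rijndael-cbc "constructed-key-24-bytes";
add 198.51.100.1 192.0.2.1 esp 1050 -m any -E rijndael-cbc "sixteen-byte-key";
add 192.0.2.1 198.51.100.1 esp 1051 -m any -E rijndael-cbc 0x000102030405060708090a0b0c0d0e0f;
add 192.0.2.1 198.51.100.1 esp 1052 -m any -E 3des-cbc "constructed-3des-24-byte";
EOF
}

# check_aes_keys WANT_BITS < setkey-input
# Prints "<spi> <bits> ok|mismatch" for every rijndael-cbc SA and returns 1
# if any of those keys is not WANT_BITS long. Other ciphers are ignored.
check_aes_keys() {
    awk -v want="$1" '
        BEGIN { bad = 0 }
        $1 == "add" {
            for (i = 2; i < NF - 1; i++) {
                if ($i != "-E" || $(i + 1) != "rijndael-cbc") continue
                key = $(i + 2)
                sub(/;$/, "", key)
                if (key ~ /^0x/) {
                    # hex key: 4 bits per digit after the 0x prefix
                    bits = (length(key) - 2) * 4
                } else {
                    # quoted ASCII key: 8 bits per character
                    gsub(/"/, "", key)
                    bits = length(key) * 8
                }
                if (bits != want) bad = 1
                print $5, bits, (bits == want ? "ok" : "mismatch")
            }
        }
        END { exit bad }
    '
}

# Demo run: compare every SA key against the 128 bits the device advertises.
sample_setkey_input | check_aes_keys 128 || echo "at least one key is not 128 bits"
```

To check a real script, pipe the same expanded text that would go to `setkey -c` into `check_aes_keys 128` first.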