VIA/ACE PadLock integration with crypto(9).
Mike Tancsa
mike at sentex.net
Sat Aug 13 18:24:24 GMT 2005
At 03:46 AM 13/08/2005, Pawel Jakub Dawidek wrote:
>On Sat, Aug 13, 2005 at 01:45:44AM -0400, Mike Tancsa wrote:
>+> Is there something else that needs to be done to tell crypto(4)
>or FAST_IPSEC to use the "hardware" in this case ?
>
>I'm not sure why you need to set net.inet.ipsec.crypto_support to 1 for
>this. Shouldn't be needed.
>
>If you want to figure it out, you may place debug print into
Will do. I will play with it over the weekend.
Overnight I also let a copy of netperf run blasting various network
tests across the IPSEC tunnel and all was as expected. I had to
enable polling on the box as it was getting dangerously close to
livelock with the high level of interrupts. At 1500 HZ its still
quite fast, forwarding IPSEC traffic at 60Mb/s and the box is VERY
responsive. Without the padlock.ko, it comes in just at 23Mb/s.
+> Also, I came across a small ipsec bug while testing
>+>
>+> http://www.freebsd.org/cgi/query-pr.cgi?pr=84860
>
>It could be RELENG_5 specific, as it uses rijndael implementation
>which was removed after RELENG_5 (there is no sys/opencrypto/rijndael.c
>anymore). Maybe rijndael version from sys/crypto/ handles it better?
>This needs to be verified.
Actually this happens in RELENG_6 as well. I have updated the PR
with a crash dump and back trace.
---Mike
More information about the freebsd-current
mailing list