Hifn 7955 doesn't work with Freebsd 7.0-release
Hi all.. I found the same problem recently, but I also found someone's post on the Internet that suggested a change to the /usr/src/crypto/openssl/crypto/engine/eng_cryptodev.c file. I made the change to the file and it definitely does force openssl to use the crypto hardware. I am not sure if there is any backlash to this patch, but I have used it on 2 of my servers with the Hifn 7955 hardware and it seems to be fine. --- eng_cryptodev.c.orig2008-02-05 18:10:31.0 + +++ eng_cryptodev.c 2008-06-14 18:25:36.175353823 +0100 @@ -1127,6 +1127,7 @@ } ENGINE_add(engine); + ENGINE_set_default_ciphers(engine); ENGINE_free(engine); ERR_clear_error(); } 0n Wed, May 21, 2008 at 08:19:26PM -0700, Sam Leffler wrote: Unfortunately openssl doesn't use the accelerator by default. This means all apps that use openssl likewise are not automatically accelerated. I suggested a patch but it was not accepted. I can't recall how you force openssl and/or consumers to use the device. How annoying is that. Why wasn't the patch accepted ? -aW IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. Ifyou have received this email in error, you are requested to contact the sender and delete the email. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hifn 7955 doesn't work with Freebsd 7.0-release
0n Wed, May 21, 2008 at 08:19:26PM -0700, Sam Leffler wrote: Unfortunately openssl doesn't use the accelerator by default. This means all apps that use openssl likewise are not automatically accelerated. I suggested a patch but it was not accepted. I can't recall how you force openssl and/or consumers to use the device. How annoying is that. Why wasn't the patch accepted ? -aW IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Hifn 7955 doesn't work with Freebsd 7.0-release
Hi, I am trying to setup two Soekris 4521 with a minipci vpn1411 (Hi/fn 7955) in a vpn. I understood that the crypto card should automatically work with only three kernel configuration file modification. So I added these three lines device crypto device cryptodev device hifn I tested with openvpn (the one release with pkg_add). I used the default cipher (I think this is BF-CBC - Blowfish 128 bit). The VPN works but I didn't notice any difference in performance (with or without the crypto card). I also tested the crypto card with AES128 but the performance only got worse (didn't have a baseline for that one) Relevant output: dmesg | grep hifn hifn0 mem 0xa000-0xafff,0xa0002000-0xa0003fff,0xa0008000-0xa000 irq 10 at device 16.0 on pci0 hifn0: [ITHREAD] hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801ext clk, 4x mult dmesg | grep crypto cryptosoft0: software crypto on motherboard uname -a FreeBSD Soekris 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat May 17 10:53:38 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/C5 i386 Any help would be appreciated Richard ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hifn 7955 doesn't work with Freebsd 7.0-release
I tested with openvpn (the one release with pkg_add). I used the default cipher (I think this is BF-CBC - Blowfish 128 bit). The VPN works but I Hi, See the man page for supported ciphers. didn't notice any difference in performance (with or without the crypto card). I also tested the crypto card with AES128 but the performance only got worse (didn't have a baseline for that one) For single crypto streams, you are not going to see any improvement really. Where it works, is when you have multiple connections. e.g. on our old backup server, we would have several dumps coming in over ssh (3des) and the card made a significant reduction in CPU usage. It doesnt really improve single crypto streams performance wise. You can also confirm its working by using hifnstats in /usr/src/tools/tools/ ---Mike ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hifn 7955 doesn't work with Freebsd 7.0-release
Richard van Mansom wrote: Hi, I am trying to setup two Soekris 4521 with a minipci vpn1411 (Hi/fn 7955) in a vpn. I understood that the crypto card should automatically work with only three kernel configuration file modification. So I added these three lines device crypto device cryptodev device hifn I tested with openvpn (the one release with pkg_add). I used the default cipher (I think this is BF-CBC - Blowfish 128 bit). The VPN works but I didn't notice any difference in performance (with or without the crypto card). I also tested the crypto card with AES128 but the performance only got worse (didn't have a baseline for that one) Relevant output: dmesg | grep hifn hifn0 mem 0xa000-0xafff,0xa0002000-0xa0003fff,0xa0008000-0xa000 irq 10 at device 16.0 on pci0 hifn0: [ITHREAD] hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801ext clk, 4x mult dmesg | grep crypto cryptosoft0: software crypto on motherboard uname -a FreeBSD Soekris 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat May 17 10:53:38 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/C5 i386 Any help would be appreciated Unfortunately openssl doesn't use the accelerator by default. This means all apps that use openssl likewise are not automatically accelerated. I suggested a patch but it was not accepted. I can't recall how you force openssl and/or consumers to use the device. If you want to check whether the kernel support is working correctly look in src/tools/tools/crypto for cryptotest and hifnstats. Sam ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]