similar to: HiFn / FAST_IPSEC question

I got roughly the same performance results when I use the openssl speed test with and without a hifn 7956 cryto card Here's what I did: After the card is plugged in, kldload hifn; kldload cryptodev; I got the message: hifn0 mem 0xfc8f0000-0xfc8f7ffff, 0xfc8f0000-0xfc8f7ffff, 0xfc8f0000-0xfc8f7ffff irg 28 at device 3.0 on pci1 hifn0: Hifn 7956, rev 0, 32KB dram, pll=0x800<pci clk, 4x

Hi all, can someone comment on the state of the hifn(4) driver? I've recently upgraded my 6.2-STABLE workstation to RELENG_7, and I'm now experiencing system lockups that seem to be caused by the hifn(4) driver. I've got a Soekris vpn1401 card to help with GELI disk en- cryption. Reading from a GELI volume is causing the system to freeze completely, which does not happen if

/usr/src/sys/modules/hifn/Makefile appears to need an update to make it same as HEAD. Same with ..modules/ubsec/Makefile. Patches: Index: Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/ubsec/Makefile,v retrieving revision 1.2.2.1 diff -u -r1.2.2.1 Makefile --- Makefile 21 Nov 2002 23:38:47 -0000 1.2.2.1 +++ Makefile 5 Jun 2003

Is anyone else seeing this: perl @/kern/makeops.pl -h @/opencrypto/crypto_if.m rm -f .depend mkdep -f .depend -a -nostdinc -D_KERNEL -DKLD_MODULE -I- -I. -I@ -I@/../include -I/usr/obj/usr/local/src-STABLE/src/i386/usr/include /usr/local/src-STABLE/src/sys/modules/hifn/../../dev/hifn/hifn7751.c /usr/local/src-STABLE/src/sys/modules/hifn/../../dev/hifn/hifn7751.c:47: opt_hifn.h: No such file or

Hi Freebies!! I know F-BSD 4.8 supports a framework in the kernel to use crypto functions from hifn crypto cards. Is there any of these cards that support custom crypto? What is the best route to go if I want to support IPSec (and maybe other) crypto functions but with custom crypto algorithms? Any info or ideas will be appreciated. Thanks Peut

Howdy, <this messages is cross posted in freebsd-security and freebsd-net> I'm seeking current cryptographic coprocessors supported in FreeBSD 8.x. By perusing through the crypto-dev (and subsequently referenced) man page(s) I found this list: Hifn 7751/7951/7811/7955/7956 crypto accelerator SafeNet 1141/1741 Bluesteel 5501/5601 Broadcom

Hi, I'm pondering building my own SSL accelerator out of a multi-CPU FreeBSD system and a crypto accelerator. What's the recommended hardware crypto accelerator card these days? Thanks, ==ml -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org Today's chance of throwing it all away to start a goat farm: 49.1% http://www.BlackHelicopters.org/~mwlucas/

Hi there! we are thinking of deploying a IPSEC VPN concentrator using multiple PCI bus version VPN1401 cards in a FreeBSD box using hifn support.. From the technical specs in Soekris website http://www.soekris.com/vpn1401.htm, each card can support 24 to 70 connections. The question is if we put 3 VPN1401 cards in a single box, does this mean the FreeBSD box can support 3 x (24 to 70) IPSEC

When using the FAST_IPSEC option in the kernel build, the sysctl variable net.key.prefered_oldsa seems to make no difference. The kernel always chooses an old SA. This problem can be easily reproduced. Just wait till the soft limit of the SA is expired and do a setkey -F on the remote and then ping through the tunnel. Because the old SA's are preferred and the remote no longer has the old

Is anyone successfully using some sort of hardware crypto solution to combat the overhead of SSL in http transactions? I'd love to hear anything good or bad about this. -Bill -- -=| Bill Swingle - <unfurl@(dub.net|freebsd.org)> -=| Every message PGP signed -=| PGP Fingerprint: C1E3 49D1 EFC9 3EE0 EA6E 6414 5200 1C95 8E09 0223 -=| "Computers are useless. They can only give you

Hi All, I'm running stable from August 19/2003. I've got a few A7N8X-Deluxe boards. One Rev1.0 and two Rev2.0. While the 1.0 board works, the 2.0 boards lock up on boot during the uhub0 bus discovery. It's extremely frustrating :) ... While I can boot without the devices and attach them later, the devices ( logitech usb keyboard, logitech mouse, rio800, samsung CDMA adapter,

Hi. geli(8) from FreeBSD-CURRENT is now able to perform data integrity verification (data authentication) using one of the following algorithms: - HMAC/MD5 - HMAC/SHA1 - HMAC/RIPEMD160 - HMAC/SHA256 - HMAC/SHA384 - HMAC/SHA512 One of the main design goals was to make it reliable and resistant to power failures or system crashes. This was very important to commit both data update and HMAC

On Nov 9, 2004, at 10:26 PM, Chris Adams <cmadams at hiwaay.net> wrote: > Message: 4 > Date: Tue, 9 Nov 2004 15:13:36 -0600 > From: Chris Adams <cmadams at hiwaay.net> > Subject: Re: RedHat forks OpenSSH? > To: openssh-unix-dev at mindrot.org > Message-ID: <20041109211336.GC1429068 at hiwaay.net> > Content-Type: text/plain; charset=us-ascii [deletion for

Yesterday I begin a couple of update to the latest 4.8-STABLE. After that the two boxes continues to go in panics as soon as Apache (1.3 from the ports, also freshly recompiled, 2.0.x seems NOT to hang) starts. I don't know if it is related to the other thread : "Kernel core dump in recent 4.8-STABLE" but it is easily reproducible by cvsupping to a today -STABLE and then running

Navigation Bar March-September 2003 Status Report Introduction: The FreeBSD Bi-monthly status reports are back! In this edition, we catch up on seven highly productive months and look forward to the end of 2003. As always, the FreeBSD development crew has been hard at work. Support for the AMD64 platform quickly sprang up and is nearly complete.

Hello, I've met some quite strange reboots recently on my home gateway. I'm trying to reduce its power consumption, so I've loaded the cpufreq(4) driver, and enabled powerd. After this the box started to reboot randomly all over the place. I started to think what can cause the trouble, removing the cpufreq(4) support would be too trivial, so I've removed the ALTQ references from

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:11.ipsec Security Advisory The FreeBSD Project Topic: IPsec replay attack vulnerability Category: core Module: sys_netipsec Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:11.ipsec Security Advisory The FreeBSD Project Topic: IPsec replay attack vulnerability Category: core Module: sys_netipsec Announced:

Hello List, I have to dualcore Athlon 64 4800+ systems. Initially I was running 4.9 on both of them an was able to get 54mbits thru direct connected realtek 10/100 cards as measured by nttcp. I put stable on one of the system and now can on get 37mbits as measured by nttcp when going thru an ipsec tunnel. Eliminating the tunnel I get 94mbit/sec. Ideas as to why this is happening? Also

Roger Marquis wrote: > [snip] > >It takes all of 2 seconds to generate a ssh 2 new session on a >500Mhz cpu (causing less than 20% utilization). Considering that >99% of even the most heavily loaded servers have more than enough >cpu for this task I don't really see it as an issue. > >Also, by generating a different key for each session you get better >entropy,