similar to: hifn(4) causing system lockup

Hi there! we are thinking of deploying a IPSEC VPN concentrator using multiple PCI bus version VPN1401 cards in a FreeBSD box using hifn support.. From the technical specs in Soekris website http://www.soekris.com/vpn1401.htm, each card can support 24 to 70 connections. The question is if we put 3 VPN1401 cards in a single box, does this mean the FreeBSD box can support 3 x (24 to 70) IPSEC

Hi, Just got some of the new Soekris 1401 VPN cards based on the hifn 7955 chip. hifn0 mem 0xe8510000-0xe8517fff,0xe8518000-0xe8519fff,0xe851a000-0xe851afff irq 5 at device 0.0 on pci1 hifn0: Hifn 7955, rev 0, 32KB dram, 64 sessions vs hifn0 mem 0xeb902000-0xeb902fff,0xeb901000-0xeb901fff irq 10 at device 8.0 on pci0 hifn0: Hifn 7951, rev 0, 128KB sram, 193 sessions When it says "n

Hi, I'm pondering building my own SSL accelerator out of a multi-CPU FreeBSD system and a crypto accelerator. What's the recommended hardware crypto accelerator card these days? Thanks, ==ml -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org Today's chance of throwing it all away to start a goat farm: 49.1% http://www.BlackHelicopters.org/~mwlucas/

I got roughly the same performance results when I use the openssl speed test with and without a hifn 7956 cryto card Here's what I did: After the card is plugged in, kldload hifn; kldload cryptodev; I got the message: hifn0 mem 0xfc8f0000-0xfc8f7ffff, 0xfc8f0000-0xfc8f7ffff, 0xfc8f0000-0xfc8f7ffff irg 28 at device 3.0 on pci1 hifn0: Hifn 7956, rev 0, 32KB dram, pll=0x800<pci clk, 4x

hail, I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small capacity though, to test and study if I can make my home server this box and this way. It will be a simple server, three users tops. I followed the handbook and made the geli step on the disks: Geom name: label/zfs1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: software UsedKey: 0 Flags:

/usr/src/sys/modules/hifn/Makefile appears to need an update to make it same as HEAD. Same with ..modules/ubsec/Makefile. Patches: Index: Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/ubsec/Makefile,v retrieving revision 1.2.2.1 diff -u -r1.2.2.1 Makefile --- Makefile 21 Nov 2002 23:38:47 -0000 1.2.2.1 +++ Makefile 5 Jun 2003

Is anyone successfully using some sort of hardware crypto solution to combat the overhead of SSL in http transactions? I'd love to hear anything good or bad about this. -Bill -- -=| Bill Swingle - <unfurl@(dub.net|freebsd.org)> -=| Every message PGP signed -=| PGP Fingerprint: C1E3 49D1 EFC9 3EE0 EA6E 6414 5200 1C95 8E09 0223 -=| "Computers are useless. They can only give you

Is anyone else seeing this: perl @/kern/makeops.pl -h @/opencrypto/crypto_if.m rm -f .depend mkdep -f .depend -a -nostdinc -D_KERNEL -DKLD_MODULE -I- -I. -I@ -I@/../include -I/usr/obj/usr/local/src-STABLE/src/i386/usr/include /usr/local/src-STABLE/src/sys/modules/hifn/../../dev/hifn/hifn7751.c /usr/local/src-STABLE/src/sys/modules/hifn/../../dev/hifn/hifn7751.c:47: opt_hifn.h: No such file or

I have a zpool that consists for a two-drive mirror. The two times I took the zpool offline, I had to resilver one of the drives (the same drive both times) when I imported it back. All drives in the pool show no read, write, or checksum errors and are new, so I'm looking to a software problem before hardware. Both drives are encrypted geli devices. I tried to reproduce the error with 1GB

Hi Freebies!! I know F-BSD 4.8 supports a framework in the kernel to use crypto functions from hifn crypto cards. Is there any of these cards that support custom crypto? What is the best route to go if I want to support IPSec (and maybe other) crypto functions but with custom crypto algorithms? Any info or ideas will be appreciated. Thanks Peut

Hi. geli(8) from FreeBSD-CURRENT is now able to perform data integrity verification (data authentication) using one of the following algorithms: - HMAC/MD5 - HMAC/SHA1 - HMAC/RIPEMD160 - HMAC/SHA256 - HMAC/SHA384 - HMAC/SHA512 One of the main design goals was to make it reliable and resistant to power failures or system crashes. This was very important to commit both data update and HMAC

Howdy, <this messages is cross posted in freebsd-security and freebsd-net> I'm seeking current cryptographic coprocessors supported in FreeBSD 8.x. By perusing through the crypto-dev (and subsequently referenced) man page(s) I found this list: Hifn 7751/7951/7811/7955/7956 crypto accelerator SafeNet 1141/1741 Bluesteel 5501/5601 Broadcom

Hello people, I have been experiencing a weird problem with 4.8-STABLE for a long time. I was ignoring it, thinking that it was a problem with the SCSI disks or perhaps the contoller. I changed the disks from the original Intel box to a Compaq box and I still noticed the problem was there. What happened is that all of a sudden, the disk would 'fill' up with nothing! Yes, that's true.

Hello, i want to encrypt my HDD's with GELI (not the root-fs, though). I want to do the encryption without password, just with a key. The key should be stored in a floppy disk, and the read should be read automatically on boot, from the floppy. There is a problem here, because GELI initializes _before_ mounting the disks from /etc/fstab (for obvious reasons, of course). So GELI is not able

Hello, I was playing around with geli an gbde after last EuroBSDCon. I liked the idea of encrypting my data which resides in /home/$user. Since this is a "single" user laptop i intended to encrypt the whole /home partition. Well no problems with that. But i wanted the lockfile or keyfile on a seperate usb disc. Which would be mounted or used during boot of the system. I also used

Hi. I'm moving some of my geli installation to a new machine. On an old machine it was running UFS. I use ZFS on a new machine, but I don't have an encrypted main pool (and I don't want to), so I'm kinda considering a way where I will make a zpool on a zvol encrypted by geli. Would it be completely insane (should I use UFS instead ?) or would it be still valid ? Thanks. Eugene.

Hi, Somehow[TM] an installation of 4.11 to ad0s3 managed to wipe out my existing disklabel for 7.0 on ad0s4. I now need to recover the disklabel to get my system to boot! There were three labels - ad0s4a: UFS, exact size unknown. Is it possible to infer this from the UFS partition size? I can mount this already, as I simply wrote an 'a' label of maximum size to the disklabel - ad0s4b:

I'm not really a developer, but was considering if there is a key vulnerability in geli given that when you change a key there isn't a disk update. Consider the scenario where a new file system is created and populated with some files. At a later time the original key is changed because someone has gained access to the key and passphrase. A new key is generated and attached, but none of

Hi all, I'm looking for a way to recreate the functionality of PGP Disk (under Win32). Basically, create an encrypted file, which contains a filesystem which can then be mounted in any mount point. I know I can use GELI in FreeBSD 6 - as I understand, it performs the encryption at the partition level (the whole partition is encrypted). I'd like to be able to simply unmount my

I have just built a new SunFire X4100 server with an Adaptec 2230SLP RAID card using FreeBSD 6.2-PRE kernel (from September 20). Everything is working extremely well except I cannot run the aaccli utility on this controller. When I try to open the controller, it gives this error: Command Error: <The current AFAAPI.DLL is too old to work with the current controller software.> On