Re: seeking current supported crypto co-processors

On Fri, Sep 03, 2010 at 02:26:37PM -0700, Ricky Charlet wrote:
Thanks Ivan,

You have some valid points about performance. I was hoping not to get distracted from the main thrust of my question by performance considerations though.

Are their PCIe attachable crypto co-processors with current vendor support for FreeBSD8.x? If anyone else reading this thread want's to chime in with info about current supported crypto co-processors that plug in via PCIe, please drop a note.


However, I think you do deserve a reply on the performance topic...

I am close enough to agreeing with you to not argue much about whether modern CPU parts can saturate a 1 Gb link with crypto data. The CPU part I am currently married to (a touch old but not that bad), seems to be able to through around 200Mb of IP-ESP data around. However, in spite of these observations, I would prefer if my system could handle that throughput load and yet have CPU power left over for other tasks.

I'm very attracted to Andre's mention of "newer x86/amd64
CPU's see: http://en.wikipedia.org/wiki/AES_instruction_set";. Does
anyone know if FreeBSD supports or will support this through either
/dev/crypto or through openssl (or any other mechanism I guess)?
I believe recent OpenSSL 1.x supports AESNI in usermode.

For the AES acceleration in the kernel and /dev/crypto support
see the aesni driver in the recent HEAD, working both on i386 and
amd64 architectures. I had a plan to merge the driver into RELENG_8,
but it is stalled due to some issues (not related to the driver
quality).

Attachment: pgpCDxc1D1dTo.pgp
Description: PGP signature

Relevant Pages

  • Re: seeking current supported crypto co-processors
    ... I believe recent OpenSSL 1.x supports AESNI in usermode. ... For the AES acceleration in the kernel and /dev/crypto support ... see the aesni driver in the recent HEAD, ... I had a plan to merge the driver into RELENG_8, ...
    (freebsd-net)
  • [GIT]: Networking
    ... maintainer making a lot of changes to driver FOO. ... support for networking. ... iwl3945: Fix iwl3945 rate scaling. ... Fix build warning due to typo in %pI4 format changes. ...
    (Linux-Kernel)
  • [GIT]: Networking
    ... Make VLAN and MACVLAN drivers support multiqueue, ... Return type of net driver xmit routines is formalized into ... Lots of bluetooth fixes and cleanups from Marcel Holtmann ... Fix premature termination of FIN_WAIT2, ...
    (Linux-Kernel)
  • [GIT]: Networking
    ... RFKILL rewrite from Johannes Berg. ... IPV6 stateless autoconfig support for ISATAP, ... fix led bug when SW rfkill ... Add watchdog functionality to hfcmulti driver ...
    (Linux-Kernel)
  • Re: CD/DVD drive errors and lost ticks
    ... Try and pass ide=noprobe option to the kernel boot command line and see if that makes a difference first - may be that will allow the SATA/PATA drivers to claim the CDROM before IDE sees it. ... # ACPI Support ... # PCI Hotplug Support ... # Generic Driver Options ...
    (Linux-Kernel)