Date: Tue, 10 Mar 2009 13:30:59 +0900 From: Pyun YongHyeon <pyunyh@gmail.com> To: Bruce Simpson <bms@incunabulum.net> Cc: stable@freebsd.org, Beat Siegenthaler <beat.siegenthaler@beatsnet.com> Subject: Re: fxp unusable after make world Message-ID: <20090310043059.GC9482@michelle.cdnetworks.co.kr> In-Reply-To: <49B538BC.3080108@incunabulum.net> References: <49B1AC25.3000700@onetel.com> <27998819.871236382003017.JavaMail.HALO$@halo> <1d001f850903061814k2577f3ccs94be86bcc87b9efd@mail.gmail.com> <49B38AEF.8070909@beatsnet.com> <20090308093653.GD1531@michelle.cdnetworks.co.kr> <49B3FAA3.9010302@beatsnet.com> <20090309000610.GA5039@michelle.cdnetworks.co.kr> <49B538BC.3080108@incunabulum.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 09, 2009 at 03:41:48PM +0000, Bruce Simpson wrote:
> Pyun YongHyeon wrote:
> >Your controller looks like i82550. 82550/82551 has nice hardware
> >cryptographic capability for IPSec acceleration but it's not used
> >at all under FreeBSD. Intel's open source developer manual didn't
> >even mention the existence of cryptographic capability.
> >
>
> I had a crack at this about 5-6 years ago.
>
> Now that the descriptor ring format is fairly well known for fxp, reverse
> engineering is feasible, as the setup uses the normal NDIS hooks which
> Microsoft added for offloading cryptographic operations. Those *are*
> documented.
>
I don't think the descriptor format is well known for IPSec
processing. Intel didn't even show VLAN related bit in 82550/82551
Rx descriptor format.
What might be hard to know would be
o what kind of acceleration is done by hardware and how to active
specific features
o how SAs are managed in hardware
o errata information
> Making it work is another matter entirely...
AFAIK hardware supported by fxp(4) and txp(4) can offload IPSec
processing. Sun's Cassini+ also seems to have rudimentary support
for IPSec packets but I'm not sure how useful it is. Because I
don't use IPSec at all I have no interests in IPSec acceleration
at this moment. 3Com's Typhoon2 datasheet gives more information on
IPSec acceleration so it would be easier to start with txp(4).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090310043059.GC9482>