Subject: Re: kern/26596
To: Jonathan Stone <firstname.lastname@example.org>
From: Thor Lancelot Simon <email@example.com>
Date: 06/12/2005 18:01:50
On Sun, Jun 12, 2005 at 02:38:58PM -0700, Jonathan Stone wrote:
> Christian Sorensen (sp?) from Soekris kindly sent me the older Soekris
> board with a slower Hifn (vpn120x) which I can re-install tomorrow
> (I dont have it with me, and I cant get remote access to where it is).
> IIRC, Sam Leffler added support for the newer hifn chips to the
> FreeBSD-4 driver and confirmed that they worked; if so, that's one
> "known good" data-point to work from.
> (Hmm, its not as simple as running out of hardware contexts, is it?)
I don't think it is -- unfortunately I can't tear my router apart right
now to put the 1401 back into it to test, but I believe I reproduced
the problem quickly after a boot; the details should be in the mail I
sent you about it a couple of months ago, I think (I hope?).
A user on one of the mailing lists also mentioned that he can't seem to
get any hash operations to work right with the hifn driver. I didn't
try to reproduce that, but it's an interesting line of attack: both
IPsec and SSH are indeed going to use keyed hashes while, for example,
"openssl speed des" or "openssl speed aes", just as obvious tests one
could run, won't -- maybe the problem is _only_ with the hash functions?
I believe I noted in my earlier mail that there was almost no difference
in speed when doing "openssl speed aes" using the /dev/crypto engine or
even if I removed /dev/crypto entirely to force use of the software
engine. That doesn't seem right, either, but I did confirm at the time
that requests seemed to be in fact being made on the crypto device, so
again I'm... not sure what to think.