Subject: Re: Adding opencrypto, crypto acceelerator to GENERIC kernels?
To: Martin Husemann <firstname.lastname@example.org>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 11/19/2003 10:02:04
[cc: trimmed to tech-kern/tech-userlevel]
In message <20031119131533.GC10208@drowsy.duskware.de>Martin Husemann writes
>On Tue, Nov 18, 2003 at 04:07:23PM -0800, Jonathan Stone wrote:
>> I added stanzas for opencrypto and hardware crypto accelerators to the
>> i386 GENERIC config. (Besides the PCI devices we have, FreeBSD
>> supports one more PCI device, and I know of at least one pc-card
>> accelerator with open-source drivers.)
>Could you recommend PCI devices for the clueless geeks like me? And
>which is that pc-card device you mentioned?
For the price-conscious buyer:
The Soekris vpn1201 (http://www.soekris.com/) has a Hifn 7951; they
have a prototype follow-on with a Hifn 7955 which adds AES support.
Soekris kindly sent me a vpn1201 for NetBSD driver development, so it
should continue to be well-supported. The 7951 does DES and 3DES
somewhat faster than a 1ghz P3; but without eating the entire CPU
For the performance-at-any-cost buyer:
The bcm5823 is the fastest device we currently support. A local San
Jose company, Interface Masters (http://www.interfacemasters.com) will
sell quantity-1 boards. (Ask for Ben Askarinam, tell him I recommended
There are FreeBSD (and OpenBSD?) drivers for the SafeNet card;
I could port a driver if anyone really wants one.
For pc-card (pcmcia/cardbus): I know of one pcmcia device, but its
aimed at the Linux PDA/wireless market, circa 1Mbyte/sec throughput,
if memory serves. No device driver support yet. I'd like to get one
just for the hell of it, but I have 2 or 3 other higher-priority
NetBSD items (e.g., adding v6 support to fast-ipsec).
If anyone knows of a cardbus card, or docs for the IPsec offload for
10/100 cardbus nics, i'd love to get my hands on them.