Subject: Re: Adding opencrypto, crypto acceelerator to GENERIC kernels?
To: Martin Husemann <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-kern
Date: 11/19/2003 10:02:04
[cc: trimmed  to tech-kern/tech-userlevel]

In message <>Martin Husemann writes
>On Tue, Nov 18, 2003 at 04:07:23PM -0800, Jonathan Stone wrote:
>> I added stanzas for opencrypto and hardware crypto accelerators to the
>> i386 GENERIC config. (Besides the PCI devices we have, FreeBSD
>> supports one more PCI device, and I know of at least one pc-card
>> accelerator with open-source drivers.)
>Could you recommend PCI devices for the clueless geeks like me? And
>which is that pc-card device you mentioned?

For the price-conscious buyer:

The Soekris vpn1201 ( has a Hifn 7951; they
have a prototype follow-on with a Hifn 7955 which adds AES support.
Soekris kindly sent me a vpn1201 for NetBSD driver development, so it
should continue to be well-supported. The 7951 does DES and 3DES
somewhat faster than a 1ghz P3; but without eating the entire CPU
doing crypto.

For the performance-at-any-cost buyer: 
   The bcm5823 is the fastest device we currently support.  A local San
Jose company, Interface Masters ( will
sell quantity-1 boards.  (Ask for Ben Askarinam, tell him I recommended
you there).

There are FreeBSD (and OpenBSD?) drivers for the SafeNet card;
I could port a driver if anyone really wants one.
For pc-card (pcmcia/cardbus): I know of one pcmcia device, but its
aimed at the Linux PDA/wireless market, circa 1Mbyte/sec throughput,
if memory serves. No device driver support yet.  I'd like to get one
just for the hell of it, but I have 2 or 3 other higher-priority
NetBSD items (e.g., adding v6 support to fast-ipsec).

If anyone knows of a cardbus card, or docs for the IPsec offload for
10/100 cardbus nics, i'd love to get my hands on them.