Subject: Re: Hifn crypto driver: does it work for anyone?
To: Gilles Roy <firstname.lastname@example.org>
From: Thor Lancelot Simon <email@example.com>
Date: 10/16/2005 16:35:03
[ I've added tech-crypto, which should have been there in the first place. ]
On Sun, Oct 16, 2005 at 03:51:42PM -0400, Gilles Roy wrote:
> I've used the NetBSD hifn driver with Soekris VPN1401 (actually a hifn
> 7955 chip inside) and the driver worked fine under heavy loads for short
> periods of time (benchmarking).
> Of course, only encryption works. The driver has an off by twelve bug
> when it reads the result of any hash operation (it adds 12 bytes to a
> pointer before the callback, and adds twelve again inside of the
> callback). I sent a patch that fixes this to the list a few months ago.
I missed the patch the first time. Applying it causes my FAST_IPSEC
kernel in the machine with the 7955 to correctly handle AES/MD5 ESP
packets... for about a minute after boot (a few tens of kilobytes of
traffic). So it looks to be correct, and it's an improvement; I have
However, that same machine still displays the symptom where the whole
crypto subsystem grinds to a halt after it's run for a minute or so (and
a few tens of kilobytes of traffic via ipsec, plus a few megabytes via
OpenSSH's use of /dev/crypto have flowed through). I'm rebuilding it
with options KTRACE so at least I can see what error code, exactly,
the /dev/crypto operations are returning. When this happens, IPsec
traffic stops too.
Sigh. Thanks for the patch!