From: Sam Leffler (sam_at_errno.com)
Date: Fri Feb 07 2003 - 12:25:27 CST


    > It's said "A new in-kernel cryptographic framework (see crypto(4) and
    > crypto(9)) has been imported from OpenBSD. It provides a consistent
    > interface to hardware and software implementations of cryptographic
    > algorithms for use by the kernel and access to cryptographic hardware for
    > user-mode applications. Hardware device drivers are provided to support
    > hifn-based cards ( hifn(4)) and Broadcom-based cards ( ubsec(4))."
    >
    > "A FAST_IPSEC kernel option now allows the IPsec implementation to use the
    > kernel crypto(4) framework, along with its support for hardware
    > cryptographic acceleration. More information can be found in the
    > fast_ipsec(4) manual page."
    >
    > In this case, if I want to use hardware encryption/decryption, should I use
    > fast_ipsec instead of ipsec in the kernel option? By the way, I am using
    > FreeBSD 4.7 Release. I am also curious if anybody has such experience in
    > this group before my trial. How's the performance?

    4.7-release does not have the new ipsec code. I can't recall if the crypto
    code got in.

    Performance depends on many factors. Give particulars about a configuration
    and the setup of the machine (e.g. firewall, client, server) and I can give
    you hints. In general I see 100% utilization of the crypto h/w under IPsec
    or user load when machines are connected back-to-back with gigE interfaces.
    Start loading the host with other duties (e.g. running ipfw rules) or
    changing the NICs and I can't say what you'll get.

        Sam
