Subject: Re: Hifn crypto driver: does it work for anyone?
To: Gilles Roy <groy@qnx.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-net
Date: 10/16/2005 16:35:03
[ I've added tech-crypto, which should have been there in the first place. ]

On Sun, Oct 16, 2005 at 03:51:42PM -0400, Gilles Roy wrote:
> 
> I've used the NetBSD hifn driver with Soekris VPN1401 (actually a hifn
> 7955 chip inside) and the driver worked fine under heavy loads for short
> periods of time (benchmarking).
> 
> Of course, only encryption works. The driver has an off by twelve bug
> when it reads the result of any hash operation (it adds 12 bytes to a
> pointer before the callback, and adds twelve again inside of the
> callback). I sent a patch that fixes this to the list a few months ago.

I missed the patch the first time.  Applying it causes my FAST_IPSEC
kernel in the machine with the 7955 to correctly handle AES/MD5 ESP
packets... for about a minute after boot (a few tens of kilobytes of
traffic).  So it looks to be correct, and it's an improvement; I have
committed it.

However, that same machine still displays the symptom where the whole
crypto subsystem grinds to a halt after it's run for a minute or so (and
a few tens of kilobytes of traffic via ipsec, plus a few megabytes via
OpenSSH's use of /dev/crypto have flowed through).  I'm rebuilding it
with options KTRACE so at least I can see what error code, exactly,
the /dev/crypto operations are returning.  When this happens, IPsec
traffic stops too.

Sigh.  Thanks for the patch!

Thor