On Tue, 11 Oct 2005 11:14:47 +0200 (CEST), in sentex.lists.freebsd.net you wrote:
>Mike Tancsa wrote: > > [ Oliver Fromme wrote: ] > > > It has survived several buildworlds and network activity > > > without any problems. It's now running today's 6.0-BETA5. > > > Here's a copy of dmesg, if someone's interested: > > > > > > http://www.secnetix.de/~olli/dmesg/epia.6.0-BETA5.txt > > > > IF you use FAST_IPSEC, load the padlock.,ko as it makes a nice speed > > boost! Also, you will need to use the patch in > > http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/86598 > > otherwise you will get the odd SSH problem when using AES > >Sounds cool! I'll give that a try this weekend. >Thanks for the hint. > >However, don't quite understand how things work together. >Is the padlock.ko module used by IPSec only? Or is it >used by OpenSSL, too? Do I have to recompile OpenSSL with >special options? Padlock.ko works with the FreeBSD CryptoDev framework. So things like geil(8) will make use of it as well as anything that uses the cryptodev framework (e.g. FAST_IPSEC). See the docs on cryptodev for more info > >I assume that only AES is supported by the hardware, right? Correct. Not all Via's support it either. The ACE in the CPU features tells you that yours does. >So I have to set up my /etc/ssh/ssh_config to use aes128_cbc >as the first entry in the "Ciphers" line, right? (I've set >it to blowfish by default, because it's faster than aes, >but that's without hardware support, of course.) Yes > >Oh, by the way: What would be an appropriate CPUTYPE for Generally, I have not set it as I have been burned in the past for generally little benefit. >/etc/make.conf for the C3 Nehemiah processor? Currently I >don't set any CPUTYPE at all, but I wonder if there's a >setting for more efficient code generation. According to >the processor information ... > >CPU: VIA C3 Nehemiah+RNG+ACE (1002.28-MHz 686-class CPU) > Origin = "CentaurHauls" Id = 0x698 Stepping = 8 > Features=0x381b83f<FPU,VME,DE,PSE,TSC,MSR,SEP,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE> > >.. it supports MMX and SSE, so CPUTYPE="pentium3" should >work, I think. But I'm not sure. > >Best regards > Oliver -------------------------------------------------------- Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 [EMAIL PROTECTED], (http://www.tancsa.com) _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
