Followup to: <7DAA70BEB463D211AC3E00A0C96B7AB20344B997@orsmsx41.jf.intel.com>
By author: "Strahm, Bill" <bill.strahm@intel.com>
In newsgroup: linux.dev.kernel
>
> Not quite
>
> The problem with having a library perform the operation and not kernel space
> drivers is that it would require that you ship the buffer to be encrypted
> over the PCI bus to the crypto accelerator, have it encrypt, ship it back
> over the PCI bus to the library that would pass it on to the stack that
> would ship it over the PCI bus to the NIC to go out on the wire...
>
> While that is what you have to do for a generic hardware crypto accelerator,
> I am talking about having the crypto accelerator on the NIC itself. What I
> want to do is frame the packet, build a structure to pass to the nic Out of
> Band (which is how at least Intel's NIC works) that tells the nic how to
> apply security. Pass the whole packet over the PCI bus to the NIC, then
> have the NIC encrypt (or decrypt) and spit it out the wire...
>
> Doing this I can get around 80 Mbit/Sec throughput using about 1/2 of a
> Celeron 500 processor on Win2K running IPsec, only doing software encryption
> I can get about 12 Mbit/Sec using 100% of the same processor. YMMV
>
This seems like a reasonably good reason to put some kind of
encryption stack support in the kernel. That would definitely be a
2.5 issue. You may want to get in touch with the kerneli and
FreeS/WAN people about this.
-hpa
-- <hpa@transmeta.com> at work, <hpa@zytor.com> in private! "Unix gives you enough rope to shoot yourself in the foot." http://www.zytor.com/~hpa/puzzle.txt- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 21:00:16 EST