| View previous topic :: View next topic |
| Author |
Message |
KLGIT
Joined: 09 Jul 2009
Posts: 22
Location: Canada
|
 Posted: Thu Jul 16, 2009 4:16 pm Post subject: VIA encryption acceleration support |
 |
|
I asked about this in another post. Didn't hear anything so I'd like to request this as a feature.
The newer VIA processors include hardware encryption acceleration that makes VPN's etc. much much faster. This would enable more VPN tunnels and remote users with the same hardware.
VIA already has released kernel patches and instructions for doing this, it would just need to be incorporated into Zeroshell.
I'd help where I can, but I'm certainly no kernel hacker.
Given the number of people I see posting that they are running on VIA embedded hardware, this should benefit a lot of users.
I also see the m0n0wall and pfSense already incorporate support for the hardware encryption engine. However, those are inferior to Zeroshell in a lot of areas, particularly QoS and traffic shaping. It would make a great addition to Zeroshell to have the encryption acceleration as well IMHO.
Thanks. |
|
| Back to top |
|
 |
KLGIT
Joined: 09 Jul 2009
Posts: 22
Location: Canada
|
| Posted: Thu Jul 16, 2009 7:29 pm Post subject: Change feature request. |
|
|
OK, apparently the current version of Zeroshell (1.0beta12) does support Padlock hardware. However it doesn't appear to be detected and used by default.
So, I'd like to change my request to allow Zeroshell users to enable Padlock support.
It seems that the easiest way (at least for apps that use ssl_lib) is to let users choose to replace OpenSSL with a patched version. This causes all apps that use the lib to use the hardware acceleration engine.
The patch is available at:
http://www.logix.cz/michal/devel/padlock/
see the section ...
Once you get bored with patching heaps of client programs have a look at this patch from Cecilia: openssl-0.9.8e-engine.diff, 2008-09-12 22:01
"The openssl-0.9.8e patch will make the ssl-library to load the padlock engine. This means, if you apply the openssl-0.9.8e patch, you do not have to apply any other patches or modifications, since every time the ssl-library is called, the padlock-engine is initialized by the ssl-library."
In other words - Patch for OpenSSL to always load PadLock engine. |
|
| Back to top |
|
|
AtroposX
Joined: 26 Nov 2008
Posts: 155
Location: USA
|
| Posted: Sun Jan 24, 2010 3:31 am Post subject: |
|
|
| That'd be great if there was support for SSL hardware accelerator card such as the Cavium 1120 add-in cards, to off-load the SSL encrytption/decryption to the co-processor card, rather than on the host cpu. |
|
| Back to top |
|
|
KLGIT
Joined: 09 Jul 2009
Posts: 22
Location: Canada
|
| Posted: Tue Jan 26, 2010 4:43 pm Post subject: You're missig the point |
|
|
That's exactly what the VIA offers. It has hardware encryption acceleration. But better than being on a separate card, it is built into the CPU.
This has a lot of performance advantages over an add-on card. You can see this in the benchmark results vs. the Pentium D.
The VIA chip was designed for exactly this kind of use. In an embedded VPN router application.
I can confirm that enabling it not only improves encryption speeds, but lowers overall CPU usage. |
|
| Back to top |
|
|
AtroposX
Joined: 26 Nov 2008
Posts: 155
Location: USA
|
| Posted: Tue Jan 26, 2010 4:44 pm Post subject: |
|
|
| Those cards though are a good buy though, on $30 on ebay. |
|
| Back to top |
|
|
|
Search
Register
Usergroups
Profile
Log in
Private Message
