Re: Looking for *cheap* embedded platform w- 2 ethernets
On Fri, Jun 20, 2008 at 08:07:46PM -0700, joe mcguckin wrote: I'm looking for a cheap and small embedded platform to use as a portable vpn endpoint. It doesn't have to be fast, it just has to run *BSD. Any suggestions?? We build our own ARM9 based board: http://www.small-control.de/FSB-A920-1.html http://www.small-control.de/FSB-A920-1-APG.html -- B.Walter [EMAIL PROTECTED] http://www.bwct.de Modbus/TCP Ethernet I/O Baugruppen, ARM basierte FreeBSD Rechner uvm. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Looking for *cheap* embedded platform w- 2 ethernets
On Sun, 22 Jun 2008 11:58:32 +0200 Bernd Walter [EMAIL PROTECTED] wrote: On Fri, Jun 20, 2008 at 08:07:46PM -0700, joe mcguckin wrote: I'm looking for a cheap and small embedded platform to use as a portable vpn endpoint. It doesn't have to be fast, it just has to run *BSD. Any suggestions?? We build our own ARM9 based board: http://www.small-control.de/FSB-A920-1.html http://www.small-control.de/FSB-A920-1-APG.html Looks like it's soldered by hand. Is it? --- Gary Jennejohn ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: CFT: BSD-licensed grep [Fwd: cvs commit: ports/textproc/bsdgrep Makefile distinfo]
Andrey Chernov escribió: On Wed, Jun 18, 2008 at 12:40:24PM +0200, Dag-Erling Sm??rgrav wrote: For grep, I believe it should simply be a matter of calling setlocale(), using wide strings, and using a multibyte regex engine (for appropriate values of simply). See my prev reply telling more details. Using wide strings is not so easy, f.e. all ctype BSD grep now uses should be converted to wctype, input conversion added, etc. I've started to work on doing this big change, the first step: http://kovesdan.org/patches/grep-i18n.diff It doesn't work though, each file is recognized as binary with this change. Do you have any idea, why this happens? What am I doing wrong? Regards, Gabor ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: CFT: BSD-licensed grep [Fwd: cvs commit: ports/textproc/bsdgrep Makefile distinfo]
On Sun, Jun 22, 2008 at 02:58:17PM +0200, Gabor Kovesdan wrote: Andrey Chernov escribi?: On Wed, Jun 18, 2008 at 12:40:24PM +0200, Dag-Erling Sm??rgrav wrote: For grep, I believe it should simply be a matter of calling setlocale(), using wide strings, and using a multibyte regex engine (for appropriate values of simply). See my prev reply telling more details. Using wide strings is not so easy, f.e. all ctype BSD grep now uses should be converted to wctype, input conversion added, etc. I've started to work on doing this big change, the first step: http://kovesdan.org/patches/grep-i18n.diff 1) You can't convert just whole buffer after fread() since it can be ended in the middle of multibyte sequence on BUFSIZ edge. Look how GNU utils do it. 2) Better use iswspace and iswcntrl instead of iswctype. 3) util.c needs to be fixed in several places too. -- http://ache.pp.ru/ ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: AMD Geode LX crypto accelerator (glxsb)
Le Fri, 6 Jun 2008 23:41:35 +0200, Patrick Lamaizière [EMAIL PROTECTED] a écrit : Hello, I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE (via the NetBSD port). The glxsb driver supports the security block of the Geode LX series processors. The Geode LX is a member of the AMD Geode family of integrated x86 system chips. Driven by periodic checks for available data from the generator, glxsb supplies entropy to the random(4) driver for common usage. glxsb also supports acceleration of AES-128-CBC operations for crypto(4). Well, I hope this is the final version. http://user.lamaiziere.net/patrick/glxsb-220608.tar.gz I added a patch for FreeBSD 6 but i'am not able to test it. On 7-STABLE, I've tested with hundred openssl encryptions and some flood pings under ipsec in the background. Looks good for me. If someone can test and review it, it would be cool. Thanks, Regards. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Looking for *cheap* embedded platform w- 2 ethernets
joe mcguckin wrote: I'm looking for a cheap and small embedded platform to use as a portable vpn endpoint. It doesn't have to be fast, it just has to run *BSD. Any suggestions?? You'll probably have to define what cheap means to you. I don't have much experience with small / embedded equipment but this product: http://www.fit-pc.com/new/specifications.html works for me ($300). signature.asc Description: OpenPGP digital signature
Re: AMD Geode LX crypto accelerator (glxsb)
On Sun, Jun 22, 2008 at 6:05 PM, Patrick Lamaizière [EMAIL PROTECTED] wrote: Le Fri, 6 Jun 2008 23:41:35 +0200, Patrick Lamaizière [EMAIL PROTECTED] a écrit : Hello, I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE (via the NetBSD port). The glxsb driver supports the security block of the Geode LX series processors. The Geode LX is a member of the AMD Geode family of integrated x86 system chips. Driven by periodic checks for available data from the generator, glxsb supplies entropy to the random(4) driver for common usage. glxsb also supports acceleration of AES-128-CBC operations for crypto(4). Well, I hope this is the final version. http://user.lamaiziere.net/patrick/glxsb-220608.tar.gz I added a patch for FreeBSD 6 but i'am not able to test it. On 7-STABLE, I've tested with hundred openssl encryptions and some flood pings under ipsec in the background. Looks good for me. If someone can test and review it, it would be cool. Thanks, Regards. It compiles on without a problem on 6.2 and loads on my Soekris Net5501-70 running pfSense (6.2-RELEASE-p11) glxsb0: AMD Geode LX Security Block (AES-128-CBC,RNG) mem 0xa000-0xa0003fff irq 10 at device 1.2 on pci0 Thanks!, Niki ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: AMD Geode LX crypto accelerator (glxsb)
Le Sun, 22 Jun 2008 19:40:04 +0200, Ivan Voras [EMAIL PROTECTED] a écrit : Ivan Voras wrote: The results are practically the same. On the other hand: ursaminor:~/admin/glxsb dd if=/dev/zero bs=4k count=10 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij 10+0 records in 10+0 records out 40960 bytes transferred in 77.653939 secs (5274684 bytes/sec) ursaminor:~/admin/glxsb dd if=/dev/zero bs=4k count=10 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij -engine cryptodev engine cryptodev set. 10+0 records in 10+0 records out 40960 bytes transferred in 21.486846 secs (19062826 bytes/sec) So I guess it works. Any idea why openssl speed doesn't show it? On FreeBSD 7, OpenSSL does not use the cryptodev engine by default. This is a known problem. See http://unix.derkeiler.com/Mailing-Lists/FreeBSD/hackers/2008-06/msg00076.html openssl speed -evp aes-128-cbc -elapsed -engine cryptodev ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: AMD Geode LX crypto accelerator (glxsb)
2008/6/22 Patrick Lamaizière [EMAIL PROTECTED]: openssl speed -evp aes-128-cbc -elapsed -engine cryptodev I see the -evp parameter makes the difference in openssl speed: openssl speed -engine cryptodev -elapsed -evp aes-128-cbc aes-128-cbc engine cryptodev set. You have chosen to measure elapsed time instead of user CPU time. To get the most accurate results, try to run this program when this computer is idle. Doing aes-128 cbc for 3s on 16 size blocks: 1005992 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 64 size blocks: 262256 aes-128 cbc's in 3.01s Doing aes-128 cbc for 3s on 256 size blocks: 66470 aes-128 cbc's in 3.01s Doing aes-128 cbc for 3s on 1024 size blocks: 16575 aes-128 cbc's in 3.01s Doing aes-128 cbc for 3s on 8192 size blocks: 2087 aes-128 cbc's in 3.01s Doing aes-128-cbc for 3s on 16 size blocks: 74195 aes-128-cbc's in 3.01s Doing aes-128-cbc for 3s on 64 size blocks: 69208 aes-128-cbc's in 3.01s Doing aes-128-cbc for 3s on 256 size blocks: 64154 aes-128-cbc's in 3.01s Doing aes-128-cbc for 3s on 1024 size blocks: 44369 aes-128-cbc's in 3.01s Doing aes-128-cbc for 3s on 8192 size blocks: 9512 aes-128-cbc's in 3.01s OpenSSL 0.9.8e 23 Feb 2007 built on: Tue Apr 15 19:40:37 CEST 2008 options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: cc available timing options: USE_TOD HZ=128 [sysconf value] timing function used: gettimeofday The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128 cbc 5359.57k 5577.49k 5654.53k 5639.81k 5679.65k aes-128-cbc394.62k 1471.97k 5457.89k15097.21k25895.72k ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: AMD Geode LX crypto accelerator (glxsb)
On Sunday 22 June 2008 19:20:41 Patrick Lamaizière wrote: On FreeBSD 7, OpenSSL does not use the cryptodev engine by default. This is a known problem. See http://unix.derkeiler.com/Mailing-Lists/FreeBSD/hackers/2008-06/msg00076.ht ml openssl speed -evp aes-128-cbc -elapsed -engine cryptodev Try patching openssl to force the use of the crypto hardware by default (like ssh, etc) ~Peg --- eng_cryptodev.c.orig2008-02-05 18:10:31.0 + +++ eng_cryptodev.c 2008-06-14 18:25:36.175353823 +0100 @@ -1127,6 +1127,7 @@ } ENGINE_add(engine); + ENGINE_set_default_ciphers(engine); ENGINE_free(engine); ERR_clear_error(); } ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Kernel module advice for bandwidth monitor
Hello All, I am just starting to dig into FreeBSD kernel development and the pfil interface in particular. I am in need of some advice and possibly some pointers to relevant documentation. I want to develop a bandwidth control driver and the associated monitoring code. It seems that the bandwidth control part of the equation is fairly straight forward with regard to the pfil framework. However, my current dilemma centers around the best way to implement monitoring. There seem to be several approaches to doing this. There is the bandwidth control driver itself, the bpf interface and the pcap library. My question concerns performance and network latency. It would be a given that any approach to monitoring is going to add some overhead in these areas, but I'm interested in minimizing this as much as possible. This is precisely where I was hoping to get some advice from the kernel gurus out there. I assume that it is possible for a kernel driver to communicate over the network. If, so it would seem that no context switch to user space would be necessary to transmit stats to another monitor machine. If the bpf or pcap mechanisms were employed, user space would become involved. Given the various methods of accessing packet data, and the fact that I want to send stats to another machine, which approach would require the least overhead? Also, are there any good docs or possibly some code that I could look at that would illustrate the requirements/details of network communication from within a kernel driver? I searched the relevant lists for this, but was not able to find anything that looked like what I needed. I apologize if I have missed something. Please forgive my newbness as I'm just starting out. Hopefully my questions are not too foolish ;) Thanks, Gerry ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]