VIA encryption acceleration support

Home Page Forums Network Management Request a new feature VIA encryption acceleration support

This topic contains 3 replies, has 0 voices, and was last updated by  KLGIT 9 years, 5 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #41795

    KLGIT
    Member

    I asked about this in another post. Didn’t hear anything so I’d like to request this as a feature.
    The newer VIA processors include hardware encryption acceleration that makes VPN’s etc. much much faster. This would enable more VPN tunnels and remote users with the same hardware.

    VIA already has released kernel patches and instructions for doing this, it would just need to be incorporated into Zeroshell.

    I’d help where I can, but I’m certainly no kernel hacker.

    Given the number of people I see posting that they are running on VIA embedded hardware, this should benefit a lot of users.

    I also see the m0n0wall and pfSense already incorporate support for the hardware encryption engine. However, those are inferior to Zeroshell in a lot of areas, particularly QoS and traffic shaping. It would make a great addition to Zeroshell to have the encryption acceleration as well IMHO.

    Thanks.

    #48458

    KLGIT
    Member

    OK, apparently the current version of Zeroshell (1.0beta12) does support Padlock hardware. However it doesn’t appear to be detected and used by default.

    So, I’d like to change my request to allow Zeroshell users to enable Padlock support.

    It seems that the easiest way (at least for apps that use ssl_lib) is to let users choose to replace OpenSSL with a patched version. This causes all apps that use the lib to use the hardware acceleration engine.

    The patch is available at:
    http://www.logix.cz/michal/devel/padlock/

    see the section …
    Once you get bored with patching heaps of client programs have a look at this patch from Cecilia: openssl-0.9.8e-engine.diff, 2008-09-12 22:01
    “The openssl-0.9.8e patch will make the ssl-library to load the padlock engine. This means, if you apply the openssl-0.9.8e patch, you do not have to apply any other patches or modifications, since every time the ssl-library is called, the padlock-engine is initialized by the ssl-library.”
    In other words – Patch for OpenSSL to always load PadLock engine.

    #48459

    AtroposX
    Member

    That’d be great if there was support for SSL hardware accelerator card such as the Cavium 1120 add-in cards, to off-load the SSL encrytption/decryption to the co-processor card, rather than on the host cpu.

    #48460

    KLGIT
    Member

    That’s exactly what the VIA offers. It has hardware encryption acceleration. But better than being on a separate card, it is built into the CPU.
    This has a lot of performance advantages over an add-on card. You can see this in the benchmark results vs. the Pentium D.
    The VIA chip was designed for exactly this kind of use. In an embedded VPN router application.
    I can confirm that enabling it not only improves encryption speeds, but lowers overall CPU usage.

    #48461

    AtroposX
    Member

    Those cards though are a good buy though, on $30 on ebay.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.