Thread: [Ocf-linux-users] OCF compatible driver for HiFN Xcellerator Card 8155HXL-G
Brought to you by:
david-m
Menu
▾
▴
ocf-linux-users
|
From: hiren j. <jos...@gm...> - 2009-03-05 15:55:35
|
Hello, I am having a HiFN Xcellerator Card 8155HXL-G (DS250 - DS255 series). I want to use this card with Openswan/KLIPS via OCF. >From ocf-linux-20080917/ocf/ChangeLog, 2007-07-25 21:25 davidm * Makefile, hifn/Makefile, hifn/hifnHIPP.c, hifn/hifnHIPPreg.h, hifn/hifnHIPPvar.h, ixp4xx/Makefile, ocfnull/Makefile, safe/Makefile, talitos/Makefile: Bring in the hifnHIPP driver written by Xelerance. This is the super hifn chip with full protocol offload. So I think my card - 8155 (which belongs to HIPP-I/II family) is supported. However I noted that in the HIPP driver file (ocf-linux-20080917/ocf/hifn/hifnHIPP.c), the call to crypto_register is commented out: #if 0 /* no code here yet ?? */ crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); #endif Also, the callback functions hipp_newsession, hipp_process and hipp_freesession just return EINVAL, and there is no crypto_done, crypto_kdone. So I am just curious about the state of this driver. Please guide me about how should I approach to use this card with OCF for Openswan. Thanks for your time. Regards, hiren |
|
From: David M. <Dav...@se...> - 2009-03-06 02:31:47
|
Jivin hiren joshi lays it down ... > Hello, > > I am having a HiFN Xcellerator Card 8155HXL-G (DS250 - DS255 series). > I want to use this card with Openswan/KLIPS via OCF. > > >From ocf-linux-20080917/ocf/ChangeLog, > > 2007-07-25 21:25 davidm > > * Makefile, hifn/Makefile, hifn/hifnHIPP.c, hifn/hifnHIPPreg.h, > hifn/hifnHIPPvar.h, ixp4xx/Makefile, ocfnull/Makefile, > safe/Makefile, talitos/Makefile: > > Bring in the hifnHIPP driver written by Xelerance. This is the > super hifn chip with full protocol offload. > > So I think my card - 8155 (which belongs to HIPP-I/II family) is supported. > > However I noted that in the HIPP driver file > (ocf-linux-20080917/ocf/hifn/hifnHIPP.c), > the call to crypto_register is commented out: > > #if 0 /* no code here yet ?? */ > crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); > #endif > > Also, the callback functions hipp_newsession, hipp_process and > hipp_freesession just return EINVAL, and there is no crypto_done, crypto_kdone. > > So I am just curious about the state of this driver. Sadly, there is no 8155 or compatible driver. This is just a left over of something that never eventuated IIRC. > Please guide me about how should I approach to use this card with OCF > for Openswan. I think you need to get the appropriate "devkit" from hifn, then write a driver somewhat along the lines of either ixp4xx driver or the ep80579 driver that also rely on externally provided devkits. It is usually a much simpler task to support such devices at they have a nice API etc and you do not need to write a full HW driver. Cheers, Davidm -- David McCullough, dav...@se..., Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org |
|
From: hiren j. <jos...@gm...> - 2009-03-06 05:28:34
|
Hello, Thank you for the answer. > I think you need to get the appropriate "devkit" from hifn, then write a > driver somewhat along the lines of either ixp4xx driver or the ep80579 > driver that also rely on externally provided devkits. Yes, I am having the SDK. > It is usually a much simpler task to support such devices at they have a > nice API etc and you do not need to write a full HW driver. I can think of two ways, and request you to comment on them. 1. With OCF: Incorporate OCF glue in the existing driver I got with SDK. It will allow other sub-systems and applications to use the card. (As I have only one card, session migration is not relevant here.) 2. Without OCF: Native integration with Openswan (KLIPS) using the SDK APIs. This will help me to get full advantage of the card (protocol processing offloading). Regards, hiren |
|
From: David M. <Dav...@se...> - 2009-03-06 06:01:33
|
Jivin hiren joshi lays it down ... > Hello, > > Thank you for the answer. > > > I think you need to get the appropriate "devkit" from hifn, then write a > > driver somewhat along the lines of either ixp4xx driver or the ep80579 > > driver that also rely on externally provided devkits. > > Yes, I am having the SDK. > > > It is usually a much simpler task to support such devices at they have a > > nice API etc and you do not need to write a full HW driver. > > I can think of two ways, and request you to comment on them. > > 1. With OCF: Incorporate OCF glue in the existing driver I got with SDK. > It will allow other sub-systems and applications to use the card. > (As I have only one card, session migration is not relevant here.) Whatever you feel works the best. Starting with an existing OCF driver and swapping the API calls to the hifn API would seem easiest to me, but that is your call. > 2. Without OCF: Native integration with Openswan (KLIPS) using the SDK APIs. > This will help me to get full advantage of the card (protocol > processing offloading). The overhead that OCF adds to the crypto process is very small. I did this test with the IXP driver (look at ocf-bench.c to see the IXP native and OCF parts of the test). There was almost no reduction in crypto speed (IIRC < 1%). This basically means that #1 above is the best choice, and it saves you have to do anything in the openswan code and also lets you accelerate openssl and potentially other things. Cheers, Davidm -- David McCullough, dav...@se..., Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org |
|
From: hiren j. <jos...@gm...> - 2009-03-06 06:32:21
|
>> 1. With OCF: Incorporate OCF glue in the existing driver I got with SDK. >> It will allow other sub-systems and applications to use the card. >> (As I have only one card, session migration is not relevant here.) > > Whatever you feel works the best. Starting with an existing OCF driver > and swapping the API calls to the hifn API would seem easiest to me, > but that is your call. Thank you for suggesting this. >> 2. Without OCF: Native integration with Openswan (KLIPS) using the SDK APIs. >> This will help me to get full advantage of the card (protocol >> processing offloading). > > The overhead that OCF adds to the crypto process is very small. I did > this test with the IXP driver (look at ocf-bench.c to see the IXP native > and OCF parts of the test). I should have been more wordy here. What I mean by protocol processing offloading is - besides crypto, compression and randomization, the 8155 (HIPP II family, DS-250/255 series) card supports following packet processing protocols: - IPSec - AH, ESP, Transport and Tunnel mode, - UDP encapsulation for NAT-T, - IKE, - SSL/TSL/DTLS, - Raw cryptographic transforms So I meant to use these features to completely offload the packet protocol processing (not just crypto operations) by integrating the HiFN APIs with Openswan(KLIPS). > There was almost no reduction in crypto speed (IIRC < 1%). This > basically means that #1 above is the best choice, and it saves you have > to do anything in the openswan code and also lets you accelerate openssl > and potentially other things. Considering the complete protocol processing offloading, I will have to find new hook points in KLIPS. Are there any efforts going on (OCF-2?) that let us use these new features of such cards? Thanks for your time. Regards hiren |
|
From: hiren j. <jos...@gm...> - 2009-03-12 07:16:17
|
Any suggestion/comment/pointers on this would be a great help. Thanks. Regards, hiren On Fri, Mar 6, 2009 at 12:02 PM, hiren joshi <jos...@gm...> wrote: >>> 1. With OCF: Incorporate OCF glue in the existing driver I got with SDK. >>> It will allow other sub-systems and applications to use the card. >>> (As I have only one card, session migration is not relevant here.) >> >> Whatever you feel works the best. Starting with an existing OCF driver >> and swapping the API calls to the hifn API would seem easiest to me, >> but that is your call. > > Thank you for suggesting this. > >>> 2. Without OCF: Native integration with Openswan (KLIPS) using the SDK APIs. >>> This will help me to get full advantage of the card (protocol >>> processing offloading). >> >> The overhead that OCF adds to the crypto process is very small. I did >> this test with the IXP driver (look at ocf-bench.c to see the IXP native >> and OCF parts of the test). > > I should have been more wordy here. > What I mean by protocol processing offloading is - > > besides crypto, compression and randomization, > the 8155 (HIPP II family, DS-250/255 series) card supports > following packet processing protocols: > > - IPSec - AH, ESP, Transport and Tunnel mode, > - UDP encapsulation for NAT-T, > - IKE, > - SSL/TSL/DTLS, > - Raw cryptographic transforms > > So I meant to use these features to completely offload > the packet protocol processing (not just crypto operations) > by integrating the HiFN APIs with Openswan(KLIPS). > >> There was almost no reduction in crypto speed (IIRC < 1%). This >> basically means that #1 above is the best choice, and it saves you have >> to do anything in the openswan code and also lets you accelerate openssl >> and potentially other things. > > Considering the complete protocol processing offloading, > I will have to find new hook points in KLIPS. > > Are there any efforts going on (OCF-2?) that let us use > these new features of such cards? > > Thanks for your time. > > Regards > hiren > |
|
From: David M. <Dav...@se...> - 2009-03-18 06:20:42
|
Jivin hiren joshi lays it down ... > >> 1. With OCF: Incorporate OCF glue in the existing driver I got with SDK. > >> It will allow other sub-systems and applications to use the card. > >> (As I have only one card, session migration is not relevant here.) > > > > Whatever you feel works the best. Starting with an existing OCF driver > > and swapping the API calls to the hifn API would seem easiest to me, > > but that is your call. > > Thank you for suggesting this. > > >> 2. Without OCF: Native integration with Openswan (KLIPS) using the SDK APIs. > >> This will help me to get full advantage of the card (protocol > >> processing offloading). > > > > The overhead that OCF adds to the crypto process is very small. I did > > this test with the IXP driver (look at ocf-bench.c to see the IXP native > > and OCF parts of the test). > > I should have been more wordy here. > What I mean by protocol processing offloading is - > > besides crypto, compression and randomization, > the 8155 (HIPP II family, DS-250/255 series) card supports > following packet processing protocols: > > - IPSec - AH, ESP, Transport and Tunnel mode, > - UDP encapsulation for NAT-T, Currently we have nothing that can take advantage of these. > - IKE, You may be able to take advantage of these, most certainly some of the bignum operations if they are offered (ie., CRT). > - SSL/TSL/DTLS, Probably not much you can use here. > - Raw cryptographic transforms Obviously these should be useful :-). > So I meant to use these features to completely offload > the packet protocol processing (not just crypto operations) > by integrating the HiFN APIs with Openswan(KLIPS). That will be a bit of work and not much that OCF has done to date will help you here. The state machine in KLIPS which came with the OCF patches should be a good start to doing more IPSec offloading, at least it weas created with that in mind at some point in the future :-) > > There was almost no reduction in crypto speed (IIRC < 1%). This > > basically means that #1 above is the best choice, and it saves you have > > to do anything in the openswan code and also lets you accelerate openssl > > and potentially other things. > > Considering the complete protocol processing offloading, > I will have to find new hook points in KLIPS. Yes, the TX and RX state machine should give you most of those hooks. You should be able to do some like: init state (hand off) skip to final state > Are there any efforts going on (OCF-2?) that let us use > these new features of such cards? No, OCF-2 didn't turn into anything I could see. Cheers, Davidm -- David McCullough, dav...@se..., Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org |
|
From: hiren j. <jos...@gm...> - 2009-03-19 12:01:01
|
Thank you for the much awaited answer! >> So I meant to use these features to completely offload >> the packet protocol processing (not just crypto operations) >> by integrating the HiFN APIs with Openswan(KLIPS). > > That will be a bit of work and not much that OCF has done to date will > help you here. The state machine in KLIPS which came with the OCF > patches should be a good start to doing more IPSec offloading, at least > it weas created with that in mind at some point in the future :-) >> Considering the complete protocol processing offloading, >> I will have to find new hook points in KLIPS. > > Yes, the TX and RX state machine should give you most of those hooks. > You should be able to do some like: > > init state > (hand off) > skip to final state Thanks for pointing to both these things. However currently I am stuck as the HiFN driver is written for linux-2.4.x and I use linux-2.6.x. :-( Thanks again, hiren |
|
From: David M. <Dav...@se...> - 2009-03-19 22:51:22
|
Jivin hiren joshi lays it down ... > Thank you for the much awaited answer! > > >> So I meant to use these features to completely offload > >> the packet protocol processing (not just crypto operations) > >> by integrating the HiFN APIs with Openswan(KLIPS). > > > > That will be a bit of work and not much that OCF has done to date will > > help you here. The state machine in KLIPS which came with the OCF > > patches should be a good start to doing more IPSec offloading, at least > > it weas created with that in mind at some point in the future :-) > > >> Considering the complete protocol processing offloading, > >> I will have to find new hook points in KLIPS. > > > > Yes, the TX and RX state machine should give you most of those hooks. > > You should be able to do some like: > > > > init state > > (hand off) > > skip to final state > > Thanks for pointing to both these things. > However currently I am stuck as the HiFN driver is written for > linux-2.4.x and I use linux-2.6.x. :-( So the SDK for the Hifn HIPP devices is 2.4 only, thats seems a bit dodgy. I checked my hifn extranet login and couldn't find anything better than their old 795x source. You could try contacting Hank Cohen at hifn, he has helped me in the past. Maybe they have something better. Hank Cohen <hc...@hi...> Let him know you were talking to me about OCF/HIFN/8155 and were wondering if they had anything for linux-2.6 in that space. Of course the SDK is more than likely 95% OS independant for use with vxworks/windows/whatever, so you may be able to use it on almost any OS without too much work :-( Cheers, Davidm -- David McCullough, dav...@se..., Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org |
|
From: hiren j. <jos...@gm...> - 2009-03-20 12:20:32
|
On Fri, Mar 20, 2009 at 1:02 PM, hiren joshi <jos...@gm...> wrote: > > Hello David, > > > > Thanks for pointing to both these things. > > > However currently I am stuck as the HiFN driver is written for > > > linux-2.4.x and I use linux-2.6.x. :-( > > > > So the SDK for the Hifn HIPP devices is 2.4 only, thats seems a bit > > dodgy. > > > > I checked my hifn extranet login and couldn't find anything better than > > their old 795x source. > > > > You could try contacting Hank Cohen at hifn, he has helped me in the > > past. Maybe they have something better. > > > > Hank Cohen <hc...@hi...> > > > > Let him know you were talking to me about OCF/HIFN/8155 and were > > wondering if they had anything for linux-2.6 in that space. > > > > Of course the SDK is more than likely 95% OS independant for use with > > vxworks/windows/whatever, so you may be able to use it on almost any OS > > without too much work :-( > > We have already communicated the problem to HiFN. > Thank you very much for providing the reference. > We will get help from Mr Hank Cohen as needed. > I will get back to this as soon as I get something to share. Meanwhile I request OCF-users to help me in choosing an acceleration card that - 1. supports linux-2.6 (has driver for linux-2.6) 2. Has well documented APIs, SDKs that helps me to use it with Openswan/KLIPS If possible, please share realtime performance experience and other useful things (pros/cons). I need to be prepared with an alternate ;-) Thanks for your time. Regards, hiren |
|
From: David M. <Dav...@se...> - 2009-03-25 01:58:15
|
Jivin hiren joshi lays it down ... > On Fri, Mar 20, 2009 at 1:02 PM, hiren joshi <jos...@gm...> wrote: > > > > Hello David, > > > > > > Thanks for pointing to both these things. > > > > However currently I am stuck as the HiFN driver is written for > > > > linux-2.4.x and I use linux-2.6.x. :-( > > > > > > So the SDK for the Hifn HIPP devices is 2.4 only, thats seems a bit > > > dodgy. > > > > > > I checked my hifn extranet login and couldn't find anything better than > > > their old 795x source. > > > > > > You could try contacting Hank Cohen at hifn, he has helped me in the > > > past. Maybe they have something better. > > > > > > Hank Cohen <hc...@hi...> > > > > > > Let him know you were talking to me about OCF/HIFN/8155 and were > > > wondering if they had anything for linux-2.6 in that space. > > > > > > Of course the SDK is more than likely 95% OS independant for use with > > > vxworks/windows/whatever, so you may be able to use it on almost any OS > > > without too much work :-( > > > > We have already communicated the problem to HiFN. > > Thank you very much for providing the reference. > > We will get help from Mr Hank Cohen as needed. > > I will get back to this as soon as I get something to share. > > Meanwhile I request OCF-users to help me in choosing an acceleration card that - > > 1. supports linux-2.6 (has driver for linux-2.6) > 2. Has well documented APIs, SDKs that helps me to use it with Openswan/KLIPS > > If possible, please share realtime performance experience and other > useful things (pros/cons). > I need to be prepared with an alternate ;-) Have a look at the cavium NITROX card (PCIe), it has everything you are asking for and tops out at about 2.5Gbps for some kinds of use. I am working on one at the moment, hopefully I will have a better feel for it once some of my other projects complete and I spend some more time on it. It has patches for the linux NETKEY stack IIRC and I think I saw some patches for ipsec user tools (non-openswan). Cheers, Davidm -- David McCullough, dav...@se..., Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X