Print

[Confusticated]

Here is an alternative to the BSD's cryptodev.

http://carnivore.it/2011/04/23/openssl_-_af_alg

The Pro's:
The current OpenSSL supports it, so no patching, compiling.
No non-standard package breakage on an upgrade.
It is in the kernel mainstream, and therefore officially recognised and supported.
It works on the New IT images with recent kernels (GuiPlug) without modifying them.

The Con's:
It is currenty not as fast as cryptodev (hopefully, this will change with maturity).

After playing with this for a couple of days I consider the slower speed only a minor drawback,
whereas the 'offload'ing of the CPU is a significant advantage.

[Confusticated]

Recently got caught out after installing a 3.3.0 kernel, hardware crypt access stopped happening for me.
I had necessarily tweaked the kernel config a little, but couldn't figure out what had gone wrong...

It seems (I had failed to realise) that the kernel module dependencies on af_alg.ko were not being picked up.
This resulted in the load failure of the cryptographic module that was dependant on it (rather than asking af_alg to be loaded).

The solution is simple...create the file (or edit /etc/modprobe.d/aliases.conf every time you upgrade) /etc/modprobe.d/alias-net-pf-38.conf

Code: [Select]

alias net-pf-38 af_alg