Hardware Crypto Engine driver
This driver is shipped only with the BSPs that need it.
io-pkt-variant -d mpcsec [option[,option ...]] ... &
where variant is one of v4, v4-hc, or v6-hc.
Neutrino
Use commas, not spaces, to separate the options. Use these options to override the defaults.
The devnp-mpcsec.so shared object is a Hardware Crypto Engine driver. This is a native io-pkt driver; its interface names are in the form tsecX, where X is an integer.
Some devices support hardware checksums, although some might do so in only one direction; to determine if your device does, type:
ifconfig tsecX
and look for the following in the list of supported options:
You can then use ifconfig to enable or disable whichever of these options your device supports.
Native io-pkt and ported NetBSD drivers don't put entries into the /dev/io-net namespace, so a waitfor command for such an entry won't work properly in buildfiles or scripts. Use if_up -p instead; for example, instead of waitfor /dev/io-net/tsec0, use if_up -p tsec0.
On the 85xx, start the v6 TCP/IP variant of io-pkt, using the devnp-mpcsec.so SEC driver and the TSEC Ethernet driver with IPsec enabled in the stack:
io-pkt-v6-hc -d /proc/boot/devnp-mpcsec.so verbose=2 -p tcpip-v6 \
ipsec -d /proc/boot/devnp-mpc85xx.so mac=00112233AABBCC

# config the (2nd) ethernet port
ifconfig tsec1 10.42.110.239

# config md5-hmac ah and des-cbc esp for IPsec to peer 10.42.110.212
setkey -c << EOF
add 10.42.110.212 10.42.110.239 ah 9877 -A hmac-md5 "1234567890123456";
add 10.42.110.239 10.42.110.212 ah 9878 -A hmac-md5 "1234567890123456";
add 10.42.110.212 10.42.110.239 esp 9881 -E des-cbc "12345678";
add 10.42.110.239 10.42.110.212 esp 9882 -E des-cbc "12345678";
spdadd 10.42.110.239 10.42.110.212 any -P out ipsec esp/transport//use ah/transport//use;
EOF

# on peer 10.42.110.212 run this:
setkey -c << EOF
add 10.42.110.212 10.42.110.239 ah 9877 -A hmac-md5 "1234567890123456";
add 10.42.110.239 10.42.110.212 ah 9878 -A hmac-md5 "1234567890123456";
add 10.42.110.212 10.42.110.239 esp 9881 -E des-cbc "12345678";
add 10.42.110.239 10.42.110.212 esp 9882 -E des-cbc "12345678";
spdadd 10.42.110.212 10.42.110.239 any -P out ipsec esp/transport//use ah/transport//use;
EOF
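
Added example (not part of the QNX documentation): a POSIX shell check that reads setkey statements like the ones above and flags the settings a reviewer would question before reusing them: the des-cbc and hmac-md5 algorithms, quoted ASCII keys, and SPD entries at level use. The function names audit_setkey and page_example are made up for this example.

```shell
#!/bin/sh
# Added example, not QNX code: audit setkey(8) statements read from stdin.
# Prints one finding per line as "<line number>: <message>" and returns
# 1 if anything was flagged, 0 if the input is clean.
audit_setkey() {
    awk '
    function flag(msg) { print NR ": " msg; n++ }
    { sub(/;[ \t]*$/, "") }            # drop the statement terminator
    $1 == "add" {
        for (i = 2; i < NF; i++) {
            if ($i != "-E" && $i != "-A") continue
            alg = $(i + 1); key = $(i + 2)
            if (alg == "des-cbc")  flag("des-cbc has a 56-bit key")
            if (alg == "hmac-md5") flag("hmac-md5 is a deprecated authenticator")
            # A quoted key is typed ASCII text, not random key material.
            if (key ~ /^"/) flag(alg " key is an ASCII string, not random 0x... hex")
        }
    }
    $1 == "spdadd" {
        # Policy fields look like protocol/mode/src-dst/level.
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(esp|ah)\/(transport|tunnel)\/.*\/use$/)
                flag($i ": level use sends cleartext when no SA exists")
    }
    END { exit (n > 0) }
    '
}

# The statements the page loads on host 10.42.110.239, copied from its example.
page_example() {
    cat << 'EOF'
add 10.42.110.212 10.42.110.239 ah 9877 -A hmac-md5 "1234567890123456";
add 10.42.110.239 10.42.110.212 ah 9878 -A hmac-md5 "1234567890123456";
add 10.42.110.212 10.42.110.239 esp 9881 -E des-cbc "12345678";
add 10.42.110.239 10.42.110.212 esp 9882 -E des-cbc "12345678";
spdadd 10.42.110.239 10.42.110.212 any -P out ipsec esp/transport//use ah/transport//use;
EOF
}
```

Running page_example | audit_setkey lists the findings for the page's own statements; any other setkey input can be piped to audit_setkey the same way.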
devn-*, devnp-*, ifconfig, io-pkt, nicinfo