Offload features of the original firmware


darkfader
Hi,

I'm trying to make sure I find all parts of the firmware that Cavium / ITUS had open-sourced.
One thing that's giving me headaches going through the original firmware is I'm uncertain if they ever really hit the 'turbo' button on the CPU.

For example, ITUS integrated Snort, but I so far haven't found any libraries linked into the SNORT libraries that seem like they were used to use the CPU HFA offload with Snort. But that would be the exact thing that you would expect with an Octeon. I also went through the OpenSSH/OpenSSL stuff (a bit) and I don't get the impression that ZLIB or SSL offload is used with OpenSSH.
I don't get the impression either that it's all turned on in OpenSSL - at that point I basically hope that I'm just crazy or blind (hopefully not both) but I try openssl engine, I look for a /dev/cryptodev or such, and I see little. I look at /proc/crypto and I see no telltale signs that some Octeon-specific stuff is called.
Once I got working networking and not just serial I'll run the openssl benchmarks to keep that for later review.

I see in /proc/config.gz that all Octeon related stuff is enabled (phew) and I hope that somewhere the iptables offload stuff is active. I think I saw some of that at least. Don't recall.

Can someone still remember or share some historic insight if generally the shield _did_ use all Octeon offload engines or maybe Cavium tricked them by saying "we support OpenWRT on this CPU" but not completing the other direction "OpenWRT supports everything on this CPU - and it is enabled on the shield?"

Especially with regards to rule offload (HFA) I got strong doubts.

It would probably need to be in the first one here.

root@Shield:/# ls /usr/lib/snort_dynamic*/*0.0.0
/usr/lib/snort_dynamicengine/libsf_engine.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_imap_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_modbus_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_reputation_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
/usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0



I'm gonna go dig through the sources to find more info, but if anyone already looked at those it would help.
Goal is to not miss anything that was GPLed in some way so I can add it to my CI scripts and then later people can use that to port it forward to all Octeon variants.
For the Octeon9K/10K there's some documentation in Marvell's dev docs, based on Intel's hypersearch something something. So I think at least inside Palo Alto / Cisco sourcefire etc. those features were always around and used, UBNT I think never managed to figure out how to do (some) of it, thus the failed USG-XG-8 DPI implementation. But others' failures don't need to be our concern, we just need to know what we can find references for and accordingly make usable without the non-existent vendor's support. :-)

If someone has been in contact with the ITUS people during the Kickstarter or after that's also interesting, of course. You can message me in private if you think someone is a good contact and won't be annoyed.
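
The /proc/crypto check described in the post, as an added example that is not part of the original post or of the ITUS firmware: it parses /proc/crypto records, classifies each driver, and shows which implementation a request by algorithm name would resolve to (the highest priority one). The sample records are constructed, and matching on "octeon" in the driver name is an assumption about how a vendor kernel names its drivers.

```sh
#!/bin/sh
# Added example: which driver backs each kernel crypto algorithm?

# Constructed sample in /proc/crypto format (not captured from a Shield).
sample_proc_crypto() {
cat <<'EOF'
name         : sha256
driver       : sha256-generic
priority     : 100

name         : sha1
driver       : sha1-generic
priority     : 100

name         : sha1
driver       : octeon-sha1
priority     : 300

name         : cbc(aes)
driver       : cbc(aes-generic)
priority     : 100
EOF
}

# stdin: /proc/crypto text. stdout: "<algo> <driver> <priority> <class>".
# Assumption: an offload driver has "octeon" in its driver name.
crypto_drivers() {
    awk -F' *: *' '
        function emit() {
            if (name == "") return
            d = tolower(driver)
            class = (d ~ /octeon/) ? "octeon" : ((d ~ /generic/) ? "generic" : "other")
            print name, driver, prio, class
            name = driver = prio = ""
        }
        $1 == "name"     { emit(); name = $2 }
        $1 == "driver"   { driver = $2 }
        $1 == "priority" { prio = $2 }
        END { emit() }'
}

# Requests by algorithm name resolve to the highest-priority implementation.
preferred_drivers() {
    crypto_drivers | awk '
        !($1 in best) || ($3 + 0) > (prio[$1] + 0) { best[$1] = $2; prio[$1] = $3; cls[$1] = $4 }
        END { for (n in best) print n, best[n], cls[n] }' | sort
}

sample_proc_crypto | preferred_drivers   # on the device: preferred_drivers < /proc/crypto
```

An algorithm whose preferred driver is classed `generic` is being computed by the portable C implementation, even when a differently named driver for the same algorithm is also registered at lower priority.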