VIA/ACE PadLock integration with crypto(9).
Mike Tancsa
mike at sentex.net
Tue Aug 16 19:53:27 GMT 2005
At 02:59 PM 16/08/2005, Pawel Jakub Dawidek wrote:
>On Sat, Aug 13, 2005 at 02:23:51PM -0400, Mike Tancsa wrote:
>+> Overnight I also let a copy of netperf run blasting various network tests
>+> across the IPSEC tunnel and all was as expected. I had to enable polling on
>+> the box as it was getting dangerously close to livelock with the high level
>+> of interrupts. At 1500 HZ it's still quite fast, forwarding IPSEC traffic at
>+> 60Mb/s and the box is VERY responsive. Without the padlock.ko, it comes in
>+> just at 23Mb/s.
>
>Good news, but I think, I expected more...
I think the processor is just really getting maxed out. 60Mb/s is
still a very nice boost. And without polling, it was in the 80s
which is pretty cool considering this is a very low end CPU Hz
wise. Even unencrypted traffic at those rates makes the machine
totally unresponsive due to the high interrupt load.
>+> Actually this happens in RELENG_6 as well. I have updated the PR
>+> with a crash dump and back trace.
>Ok, I committed a fix to HEAD.
>Here is the patch:
>
> http://people.freebsd.org/~pjd/patches/rijndael.patch
Perhaps a lame question, but would it be possible to craft such a
packet from the outside world to send as a DoS?
---Mike