VIA/ACE PadLock integration with crypto(9).

Mike Tancsa mike at sentex.net
Tue Aug 16 19:53:27 GMT 2005


At 02:59 PM 16/08/2005, Pawel Jakub Dawidek wrote:
>On Sat, Aug 13, 2005 at 02:23:51PM -0400, Mike Tancsa wrote:
>+> Overnight I also let a copy of netperf run blasting various 
>network tests across the IPSEC tunnel and all was as expected.  I 
>had to enable polling on the box as it was
>+> getting dangerously close to livelock with the high level of 
>interrupts.  At 1500 HZ its still quite fast, forwarding IPSEC 
>traffic at 60Mb/s and the box is VERY
>+> responsive.  Without the padlock.ko, it comes in just at 23Mb/s.
>
>Good news, but I think, I expected more...

I think the processor is just really getting maxed out.  60Mb/s is 
still a very nice boost.  And without polling, it was in the 80s 
which is pretty cool considering this is a very low end CPU Hz 
wise.  Even unencrypted traffic at those rates makes the machine 
totally unresponsive due to the high interrupt load.

+> Actually this happens in RELENG_6 as well.  I have updated the PR 
with a crash dump and back trace.

>Ok, I committed a fix to HEAD.
>Here is the patch:
>
>         http://people.freebsd.org/~pjd/patches/rijndael.patch


Perhaps a lame question, but would it be possible to craft such a 
packet from the outside world to send as a DoS ?

         ---Mike 



More information about the freebsd-current mailing list