recommended SSL-friendly crypto accelerator
andy at lewman.com
andy at lewman.com
Thu Apr 15 11:03:21 PDT 2004
Yes, it appears to be both ssh and apache w/ssl.
Here's ssh alone, from console, with single session login with rsa key:
phobos# apachectl stop
phobos# ./hifnstats
input 485139168 bytes 1563934 packets
output 485139168 bytes 1563934 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
phobos# ./hifnstats
input 485141328 bytes 1563962 packets
output 485141328 bytes 1563962 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
with ssh stopped, apache2 w/ssl hitting an ssl enabled site on the
server:
phobos# ./hifnstats
input 485226224 bytes 1565175 packets
output 485226224 bytes 1565175 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
<insert site hit here>
phobos# ./hifnstats
input 485232512 bytes 1565205 packets
output 485232512 bytes 1565205 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
And for the heck of it, here's my crypto stats, but this doesn't mean
it's going through the card; if i'm understanding it correctly.
./cryptostats
1565690 symmetric crypto ops (0 errors, 0 times driver blocked)
5 key ops (5 errors, 0 times driver blocked)
0 crypto dispatch thread activations
5 crypto return thread activations
On Thu, Apr 15, 2004 at 11:05:30AM -0400, mike at sentex.net wrote 0.5K bytes in 16 lines about:
: At 10:51 AM 15/04/2004, andy at lewman.com wrote:
: >hifnstats shows decent amounts of traffic through it (at least
: >interrupts) however cryptokeytest doesn't work due to an unsupport call
: >apparently.
: >
: >Here's my hifnstats:
: >
: >input 476104224 bytes 1527365 packets
: >output 476104224 bytes 1527365 packets
:
: But is that your ssh session that is being accelerated ? To test, login
: via the console, or login using blowfish as the cipher. Then run hifnstats
: and make sure that the packet counters are not incrementing. Then do your
: https test.
:
: ---Mike
--
More information about the freebsd-security
mailing list