FreeBSD + Rainbow Cryptoswift
Mike Tancsa
mike at sentex.net
Mon Jan 26 13:43:31 PST 2004
At 01:25 PM 26/01/2004, Robert Watson wrote:
> >
> > I took a look at those cards (vpn1201 and vpn1211). They don't seem to
> > have AES support and only support 2-8 RSA connections/sec. Rainbow say
> > that their cards support 1000 RSA connections/sec which is quite
> > astonishing. The vpn1401 and vpn1411 seem to have better performance
> > but as you said the hifn(4) driver support is broken for those :(
>
>Poul-Henning recently sent me some performance numbers from his initial
>work to hook GEOM up to the AES support in the crypto framework using the
>VPN1401/1411. He didn't seem to report any brokenness in the driver in
>-CURRENT. The support may not yet have been MFC'd to -STABLE yet,
>however.
I forgot the steps I used to re-create the problem. Perhaps phk can try it
on 5.x to see if the problem is there as well. Here is what I posed on the
soekris list
---------------
I can also reproduce it without too much trouble doing something like the
following.
Login via ssh with a non supported cipher like blowfish. Login a second
time with a supported cipher e.g. 3des).
Then issue something like the following from the blowfish session.
openssl enc -des3 -in big -k p | ssh mdtancsa at 192.168.43.26 "cat - >
/usr/home/mdtancsa/b.out"
where the file big is some very large file.
It seems to take a while (5 or 6 iterations at first of a file 914,767,872
which was initially created with cat /dev/urandom > ) but then it seems to
be fairly easy to reproduce happening a few times during the big
session. Running truss on the openssl pid,
....
write(1,0x80ac000,16384) = 16384 (0x4000)
read(0x4,0x80b2000,0x4000) = 16384 (0x4000)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
write(1,0x80ac000,16384) = 16384 (0x4000)
read(0x4,0x80b2000,0x4000) = 16384 (0x4000)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
... and then it just stalls. If I then hit enter in the 3des encrypted ssh
session or do something that talks to /dev/crypto, it goes again for a
seeming random period of time. It seems to pick up exactly where it should.
The next lines being,
write(1,0x80ac000,16384) = 16384 (0x4000)
read(0x4,0x80b2000,0x4000) = 16384 (0x4000)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
write(1,0x80ac000,16384) = 16384 (0x4000)
read(0x4,0x80b2000,0x4000) = 16384 (0x4000)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
write(1,0x80ac000,16384) = 16384 (0x4000)
read(0x4,0x80b2000,0x4000) = 16384 (0x4000)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
ioctl(5,CIOCCRYPT,0xbfbff334) = 0 (0x0)
write(1,0x80ac000,16384) = 16384 (0x4000)
and then stalls again.
I dont have debugging symbols built, but attaching to it shows
(gdb) bt
#0 0x2825a540 in write () from /usr/lib/libc.so.4
#1 0x28259fb2 in __swrite () from /usr/lib/libc.so.4
#2 0x2825815d in __sflush () from /usr/lib/libc.so.4
#3 0x282580c5 in fflush () from /usr/lib/libc.so.4
#4 0x28254e8e in __sfvwrite () from /usr/lib/libc.so.4
#5 0x281fc4cc in fwrite () from /usr/lib/libc.so.4
#6 0x28191dde in BIO_s_file () from /usr/lib/libcrypto.so.3
#7 0x2819f34b in BIO_write () from /usr/lib/libcrypto.so.3
#8 0x2812fb66 in BIO_f_cipher () from /usr/lib/libcrypto.so.3
#9 0x2819f34b in BIO_write () from /usr/lib/libcrypto.so.3
#10 0x80619eb in TXT_DB_get_by_index ()
#11 0x8066806 in TXT_DB_get_by_index ()
#12 0x8066574 in TXT_DB_get_by_index ()
#13 0x8053d3a in TXT_DB_get_by_index ()
I am happy to do any grunt work to track this down.
---Mike
More information about the freebsd-stable
mailing list