From owner-freebsd-security Fri Feb 7 13:30:57 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5DED937B401 for ; Fri, 7 Feb 2003 13:30:56 -0800 (PST) Received: from ebb.errno.com (ebb.errno.com [66.127.85.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id D68D343F3F for ; Fri, 7 Feb 2003 13:30:55 -0800 (PST) (envelope-from sam@errno.com) Received: from melange (melange.errno.com [66.127.85.82]) (authenticated bits=0) by ebb.errno.com (8.12.5/8.12.1) with ESMTP id h17LUsnN075086 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Fri, 7 Feb 2003 13:30:55 -0800 (PST)?g (envelope-from sam@errno.com)œ X-Authentication-Warning: ebb.errno.com: Host melange.errno.com [66.127.85.82] claimed to be melange Message-ID: <06fd01c2cef0$32890a70$52557f42@errno.com> From: "Sam Leffler" To: "Jason Stone" , References: <20030207130102.N3350-100000@walter> Subject: Re: hardware encryption under freebsd Date: Fri, 7 Feb 2003 13:30:54 -0800 Organization: Errno Consulting MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > 4.7-release does not have the new ipsec code. I can't recall if the > > crypto code got in. > > > > [...] In general I see 100% utilization of the crypto h/w under IPsec > > or user load when machines are connected back-to-back with gigE > > interfaces. > > What tools allow you to examine the utilization or performance of the > crypto hardware? I added code to timestamp crypto requests as they travel through the system. This is enabled/disabled with a sysctl. I then changed the cryptotest program found in the tools area to use this to collect "profiling" data when running tests. This, together with statistics collected by each driver, let me see how the h/w is performing. From certain of the times I can infer when the system is running at peak. If I correlate this with the system load I can tell farely well (I believe) whether the crypto h/w is fully utilized. The results of this work explain, for example, why the FreeBSD crypto code has diverged from OpenBSD and why it outperforms OpenBSD as much as 3x in some cases. I've also logged all the timestamp data and post-processed it to get useful data. I'm submitting a paper about this work soon. Sam To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message