From owner-freebsd-net@FreeBSD.ORG Wed Nov 5 16:19:36 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DCF51616 for ; Wed, 5 Nov 2014 16:19:35 +0000 (UTC) Received: from forward6l.mail.yandex.net (forward6l.mail.yandex.net [84.201.143.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Certum Level IV CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 902D619F for ; Wed, 5 Nov 2014 16:19:35 +0000 (UTC) Received: from smtp1m.mail.yandex.net (smtp1m.mail.yandex.net [77.88.61.132]) by forward6l.mail.yandex.net (Yandex) with ESMTP id 995A314E17D2; Wed, 5 Nov 2014 19:19:25 +0300 (MSK) Received: from smtp1m.mail.yandex.net (localhost [127.0.0.1]) by smtp1m.mail.yandex.net (Yandex) with ESMTP id 30E3F6740306; Wed, 5 Nov 2014 19:19:25 +0300 (MSK) Received: from unknown (unknown [2a02:6b8:0:c33::1e7]) by smtp1m.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id RSXal0i6z8-JO2GPatu; Wed, 5 Nov 2014 19:19:24 +0300 (using TLSv1.2 with cipher AES128-SHA (128/128 bits)) (Client certificate not present) X-Yandex-Uniq: 28b3a187-a3df-4612-b247-8caedf046209 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1415204364; bh=nLWYFnbaifC/+0xS0yfuld/fc2Y04xo5ZFihtLrnBc0=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:Subject: References:In-Reply-To:Content-Type; b=u+yLUZH9ZxdgmIwHK3RhoKbzrZn7n633JLJnSqWh/tc3iwdCAsRUn9NLwUg61Kwe0 Kv/5AWVuQzB3VAuWfTR72/efKkx4LQGg13m+zpMY1ZnUGExWDmuvafUVM8tL/zchgb O2yWgQbh48CAMocqZ8kLC2UpuAYIjeyLaq4QQFs4= Authentication-Results: smtp1m.mail.yandex.net; dkim=pass header.i=@yandex.ru Message-ID: <545A4E01.6010404@yandex.ru> Date: Wed, 05 Nov 2014 19:19:13 +0300 From: "Andrey V. Elsukov" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: "Eric L. Camachat" , freebsd-net@freebsd.org Subject: Re: netmap in GENERIC, by default, on HEAD References: <92D22BEA-DDE5-4C6E-855C-B8CACB0319AC@neville-neil.com> <545A47A5.4010601@yandex.ru> <545A4B22.6080001@gmail.com> In-Reply-To: <545A4B22.6080001@gmail.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="swOQumfd8nv04GXjc9Va1STEDB6HeShhK" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Nov 2014 16:19:36 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --swOQumfd8nv04GXjc9Va1STEDB6HeShhK Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 05.11.2014 19:06, Eric L. Camachat wrote: >>> In two weeks I will enable IPSec by default, again in preparation for= 11. >=20 >> Hi, >=20 >> recently we did some IP forwarding tests and the GENERIC kernel is >> several times faster than GENERIC+IPSEC. Even when IPSEC has no SA. >=20 >> I didn't do test on vanilla kernel, but our kernel is able forward >> IPv4/IPv6 on rate close to 8.6 Mpps. The same kernel compiled with IPS= EC >> can forward only 180 kpps. I think this problem should be solved befor= e >> enabling it in GENERIC. >=20 > I think this is why we need IPSEC in GENERIC to let more tests involved= =2E > Maybe it also helps in kernel SSL encryption (key per IP vs per TCP > session). IPSEC had unresolved bugs for years, and now all will be magically fixed. I think we need some way to enable/disable it on the fly. This may be a compromise. --=20 WBR, Andrey V. Elsukov --swOQumfd8nv04GXjc9Va1STEDB6HeShhK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJUWk4FAAoJEAHF6gQQyKF6mwUH/jgB+BZKnlA4RucJbYa4TD0+ YmUeLRr9Y6ZYsxuyrxCry1QJ6QZ2pFtQ9sgRryyLEGYTVhipMfHqwXI0Fu1AnIws 1nRNxH6tdianCxRjWGvR+uEEl9jn6sMO4+86KVDJ8HjAzJXs/U7l8VGbsaa5W7xH dgfZ9s6u3032DNG18+HrR20Kp6Ua9RvDeqKmmSAtzZoJ6N/4Aj+jO7jagRwpH/UZ BfPFIspWpfHIHkVvl+wS+5V04uzRGu5RwxGHSfvgqAHCFImX9fHZdYvqKAtXrAA/ tyadxTv5kUqJXb2zArNHUFrh1Wm21RYdtW/kL06fXkoMMhsrBPQXZlSw/OhYmSc= =n9sw -----END PGP SIGNATURE----- --swOQumfd8nv04GXjc9Va1STEDB6HeShhK--