From owner-freebsd-net@FreeBSD.ORG Fri Jun 14 19:34:51 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 63A5B6B1; Fri, 14 Jun 2013 19:34:51 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) by mx1.freebsd.org (Postfix) with ESMTP id 253191462; Fri, 14 Jun 2013 19:34:50 +0000 (UTC) Received: from slw by zxy.spb.ru with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1UnZml-000FjL-Oj; Fri, 14 Jun 2013 23:35:47 +0400 Date: Fri, 14 Jun 2013 23:35:47 +0400 From: Slawa Olhovchenkov To: VANHULLEBUS Yvan Subject: Re: IPSec improvement Message-ID: <20130614193547.GA58171@zxy.spb.ru> References: <20130614103615.GQ34554@zxy.spb.ru> <20130614131400.GA23375@zeninc.net> <20130614132430.GS34554@zxy.spb.ru> <20130614135921.GB23484@zeninc.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20130614135921.GB23484@zeninc.net> User-Agent: Mutt/1.5.21 (2010-09-15) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false Cc: freebsd-net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Jun 2013 19:34:51 -0000 On Fri, Jun 14, 2013 at 03:59:22PM +0200, VANHULLEBUS Yvan wrote: > > > On Fri, Jun 14, 2013 at 02:36:15PM +0400, Slawa Olhovchenkov wrote: > > > > I am plan to do some improve in IPSec stack: > > > > > > > > - AES-GCM support (from OpenBSD) > > > > > > Dylan Castine already started to work on that last year (see ML's > > > archives), and we took some time to work together on that. > > > > > > Unfortunately, patch hasn't been commited since, as Dylan needed some > > > more time to do some important cleanups on the code. > > > > > > I'll try to recontact Dylan to see if he could take time to finish > > > that. > > > > OK, you inform about progress in this list? > > Yep. > > Just for information, Dylan also talked about such code last year, but > the patch I got were from Riaan Kruger. > I just sent him a mail on that subject. > > The patchset Riaan provided me was working on basic tests. > On the benchmark we did, software AES-GCM was faster than software > AES-CBC+SHA1, but slower than hardware accelerated AES-CBC+SHA1 (tried > with both VIA's Padlock and Intel's AESNI). Can I see this patches? This patches must implement infrastructure for combined algoritms, GOST/GOST R also is combined algoritm.