From owner-freebsd-arch@freebsd.org Thu Jan 9 15:54:42 2020 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E64B11F1F31 for ; Thu, 9 Jan 2020 15:54:42 +0000 (UTC) (envelope-from pdk@semihalf.com) Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47trKF5KKzz4K6j for ; Thu, 9 Jan 2020 15:54:41 +0000 (UTC) (envelope-from pdk@semihalf.com) Received: by mail-lf1-x133.google.com with SMTP id y19so5543480lfl.9 for ; Thu, 09 Jan 2020 07:54:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=semihalf-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=aNM14UBF6+nKynSqFR1zvohBpM6WOOvbR2CvxkwoWJk=; b=iRU9LT/sWth+YvAJD52A5oVtwpywH1nqRsxwkOFdMfpFvrX9f8wc4c6+FJ0S7GLAfV lUG4vE+PmmSTMacseA1jlGfWW7bMPvweomWQZTw87ocolIFjsOmmUnPeOAd6GGHYHEAD IZshzU1YYZ121po88ZGyGeInR4q1AC31EQ2sBmDJTI2sKda0am3d82hVp6ePqCGFp41r pGDCcm7n1DOKIBjWCrouhWILBM1XHfTLVMO7zR2ID38KiBWKpbVpRkeJ4nrZXugZA9ww bqfvWHZVD2npuTC/NKc+9bRRug1UAtF4zjoKVUTXG6yg66ibTwA0sym5rg5zApLCZtF9 nicw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=aNM14UBF6+nKynSqFR1zvohBpM6WOOvbR2CvxkwoWJk=; b=O0vOmX/0pSMiHP4Geo9i2XA6uKcaEyCxr06MOiSzYxB6C/SjVbsLGI5NdcKtRzxiMh yvLYUbUA1osXfTIhmQCqUoDRI4L1cjJDPMf0rstxxM6bbsHjpd7RxyoBoQaCOUep/b7F cnpwYQJBEnxxGInSTKurXLrnC2mCuUFVKRRg+YchVhJZ3k5wX1PCguYqUfJxjex+uX3C ZOvr2oNTUzwYIQ91JmHUabneowzuEDUQX2yjvYt7d5OXbmo0xEnS/x9jmAlIgltv3+s0 TS1OrcnlB1wzgk6bWKpxweaB/2m1UNTdL7pr11rON7R3mRkdOGJ1Yyon3b4lhQlBwUrC o8fQ== X-Gm-Message-State: APjAAAXidn4K9zujT14zbnFHlZMd5QkJffIStTYWM/gdXM8by7ar94I8 EArT6+PZRB7GSocy5lahKCSGZHKP25J8lG6CUZJ02aEsyBc= X-Google-Smtp-Source: APXvYqwYw5KibfdUTN3HTrFcpidwseXYp3F75vurzDhtTiCRgdSVfLM/cX3zNpsxbppcChLSBOu7RujSFWWqs4BqOQ0= X-Received: by 2002:ac2:5604:: with SMTP id v4mr6182009lfd.152.1578585279673; Thu, 09 Jan 2020 07:54:39 -0800 (PST) MIME-Version: 1.0 From: Patryk Duda Date: Thu, 9 Jan 2020 16:53:26 +0100 Message-ID: Subject: Re: CFT: Open Crypto Framework Changes: Round 1 To: freebsd-arch@freebsd.org X-Rspamd-Queue-Id: 47trKF5KKzz4K6j X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=semihalf-com.20150623.gappssmtp.com header.s=20150623 header.b=iRU9LT/s; dmarc=none; spf=none (mx1.freebsd.org: domain of pdk@semihalf.com has no SPF policy when checking 2a00:1450:4864:20::133) smtp.mailfrom=pdk@semihalf.com X-Spamd-Result: default: False [-4.10 / 15.00]; ARC_NA(0.00)[]; FAKE_REPLY(1.00)[]; R_DKIM_ALLOW(-0.20)[semihalf-com.20150623.gappssmtp.com:s=20150623]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-arch@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; DMARC_NA(0.00)[semihalf.com]; DKIM_TRACE(0.00)[semihalf-com.20150623.gappssmtp.com:+]; RCVD_IN_DNSWL_NONE(0.00)[3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-2.80)[ip: (-9.50), ipnet: 2a00:1450::/32(-2.61), asn: 15169(-1.85), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jan 2020 15:54:43 -0000 Hi John, I tested ocf_rework branch on device which has cesa support. Output from "cryptocheck -vz -a all" doesn't differ when kernel was compiled from ocf_rework and from e0f7c88b6c (commit before changes). In both cases I can get the same number of interrupts generated by cesa using "vmstat -i". Nevertheless when I'm running IPSec (Strongswan acts as IKE daemon) software crypto is used instead of cesa. Performance is poor and no cesa interrupts are generated. When running kernel built from commit e0f7c88b6c IPSec works fine. Strongswan is configured to use only AES128 CBC + SHA256 HMAC. This combination is supported by cesa, confirmed by cryptocheck. In my opinion something between IPSec and cesa is broken. Best regards, Patryk PS This message was sent twice because for the first time I was not subscribed for mailing list and my message got stuck in moderation.