Date: Tue, 16 Aug 2005 15:53:26 -0400 From: Mike Tancsa <mike@sentex.net> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: FreeBSD-current <freebsd-current@FreeBSD.org> Subject: Re: VIA/ACE PadLock integration with crypto(9). Message-ID: <6.2.3.4.0.20050816154326.087cf7b8@64.7.153.2> In-Reply-To: <20050816185956.GA8407@garage.freebsd.pl> References: <20050812134511.GE25162@garage.freebsd.pl> <6.2.3.4.0.20050813012441.061d08b0@64.7.153.2> <20050813074636.GH27996@garage.freebsd.pl> <6.2.3.4.0.20050813102138.0644fe08@64.7.153.2> <20050816185956.GA8407@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
At 02:59 PM 16/08/2005, Pawel Jakub Dawidek wrote: >On Sat, Aug 13, 2005 at 02:23:51PM -0400, Mike Tancsa wrote: >+> Overnight I also let a copy of netperf run blasting various >network tests across the IPSEC tunnel and all was as expected. I >had to enable polling on the box as it was >+> getting dangerously close to livelock with the high level of >interrupts. At 1500 HZ its still quite fast, forwarding IPSEC >traffic at 60Mb/s and the box is VERY >+> responsive. Without the padlock.ko, it comes in just at 23Mb/s. > >Good news, but I think, I expected more... I think the processor is just really getting maxed out. 60Mb/s is still a very nice boost. And without polling, it was in the 80s which is pretty cool considering this is a very low end CPU Hz wise. Even unencrypted traffic at those rates makes the machine totally unresponsive due to the high interrupt load. +> Actually this happens in RELENG_6 as well. I have updated the PR with a crash dump and back trace. >Ok, I committed a fix to HEAD. >Here is the patch: > > http://people.freebsd.org/~pjd/patches/rijndael.patch Perhaps a lame question, but would it be possible to craft such a packet from the outside world to send as a DoS ? ---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.2.3.4.0.20050816154326.087cf7b8>