From owner-freebsd-current@FreeBSD.ORG Tue Aug 16 19:53:27 2005 Return-Path: X-Original-To: freebsd-current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2A6BA16A41F; Tue, 16 Aug 2005 19:53:27 +0000 (GMT) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [64.7.153.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id A319943D45; Tue, 16 Aug 2005 19:53:26 +0000 (GMT) (envelope-from mike@sentex.net) Received: from pumice3.sentex.ca (pumice3.sentex.ca [64.7.153.26]) by smarthost1.sentex.ca (8.13.3/8.13.3) with ESMTP id j7GJqKiF079716; Tue, 16 Aug 2005 15:52:20 -0400 (EDT) (envelope-from mike@sentex.net) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by pumice3.sentex.ca (8.13.3/8.13.3) with ESMTP id j7GJrPSZ026971; Tue, 16 Aug 2005 15:53:25 -0400 (EDT) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.13.3/8.13.3) with ESMTP id j7GJrOOb059250 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 16 Aug 2005 15:53:24 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <6.2.3.4.0.20050816154326.087cf7b8@64.7.153.2> X-Mailer: QUALCOMM Windows Eudora Version 6.2.3.4 Date: Tue, 16 Aug 2005 15:53:26 -0400 To: Pawel Jakub Dawidek From: Mike Tancsa In-Reply-To: <20050816185956.GA8407@garage.freebsd.pl> References: <20050812134511.GE25162@garage.freebsd.pl> <6.2.3.4.0.20050813012441.061d08b0@64.7.153.2> <20050813074636.GH27996@garage.freebsd.pl> <6.2.3.4.0.20050813102138.0644fe08@64.7.153.2> <20050816185956.GA8407@garage.freebsd.pl> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by amavisd-new X-Scanned-By: MIMEDefang 2.51 on 64.7.153.18 X-Scanned-By: MIMEDefang 2.51 on 64.7.153.26 Cc: FreeBSD-current Subject: Re: VIA/ACE PadLock integration with crypto(9). X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Aug 2005 19:53:27 -0000 At 02:59 PM 16/08/2005, Pawel Jakub Dawidek wrote: >On Sat, Aug 13, 2005 at 02:23:51PM -0400, Mike Tancsa wrote: >+> Overnight I also let a copy of netperf run blasting various >network tests across the IPSEC tunnel and all was as expected. I >had to enable polling on the box as it was >+> getting dangerously close to livelock with the high level of >interrupts. At 1500 HZ its still quite fast, forwarding IPSEC >traffic at 60Mb/s and the box is VERY >+> responsive. Without the padlock.ko, it comes in just at 23Mb/s. > >Good news, but I think, I expected more... I think the processor is just really getting maxed out. 60Mb/s is still a very nice boost. And without polling, it was in the 80s which is pretty cool considering this is a very low end CPU Hz wise. Even unencrypted traffic at those rates makes the machine totally unresponsive due to the high interrupt load. +> Actually this happens in RELENG_6 as well. I have updated the PR with a crash dump and back trace. >Ok, I committed a fix to HEAD. >Here is the patch: > > http://people.freebsd.org/~pjd/patches/rijndael.patch Perhaps a lame question, but would it be possible to craft such a packet from the outside world to send as a DoS ? ---Mike