From: andy@lewman.com
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Date: Thu, 15 Apr 2004 14:03:17 -0400
Subject: Re: recommended SSL-friendly crypto accelerator
Message-ID: <20040415180317.GA2357@phobos.osem.com>
In-Reply-To: <6.0.3.0.0.20040415105459.0477f488@209.112.4.2>

Yes, it appears to be both ssh and apache w/ssl.

Here's ssh alone, from console, with single session login with rsa key:

phobos# apachectl stop
phobos# ./hifnstats
input 485139168 bytes 1563934 packets
output 485139168 bytes 1563934 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
phobos# ./hifnstats
input 485141328 bytes 1563962 packets
output 485141328 bytes 1563962 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0

With ssh stopped, apache2 w/ssl hitting an ssl enabled site on the server:

phobos# ./hifnstats
input 485226224 bytes 1565175 packets
output 485226224 bytes 1565175 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
phobos# ./hifnstats
input 485232512 bytes 1565205 packets
output 485232512 bytes 1565205 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0

And for the heck of it, here's my crypto stats, but this doesn't mean it's
going through the card, if I'm understanding it correctly.

./cryptostats
1565690 symmetric crypto ops (0 errors, 0 times driver blocked)
5 key ops (5 errors, 0 times driver blocked)
0 crypto dispatch thread activations
5 crypto return thread activations

On Thu, Apr 15, 2004 at 11:05:30AM -0400, mike@sentex.net wrote 0.5K bytes in 16 lines about:
: At 10:51 AM 15/04/2004, andy@lewman.com wrote:
: >hifnstats shows decent amounts of traffic through it (at least
: >interrupts) however cryptokeytest doesn't work due to an unsupported call
: >apparently.
: >
: >Here's my hifnstats:
: >
: >input 476104224 bytes 1527365 packets
: >output 476104224 bytes 1527365 packets
:
: But is that your ssh session that is being accelerated? To test, login
: via the console, or login using blowfish as the cipher. Then run hifnstats
: and make sure that the packet counters are not incrementing. Then do your
: https test.
:
: ---Mike
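
Added example, not part of the original message: the before/after comparison described in this thread, as a small shell helper that reports how far the hifnstats input counters moved between two snapshots. The function names are hypothetical, and the snapshot text is copied from the message above (only the input/output lines are kept).

```shell
#!/bin/sh
# Added example (not from the thread): diff two hifnstats snapshots taken
# around a single workload to see whether the card's counters moved.

# Print "<bytes> <packets>" from the "input" line of one snapshot.
hifn_input() {
    printf '%s\n' "$1" | awk '$1 == "input" && $3 == "bytes" { print $2, $4; exit }'
}

# Print the growth in input bytes and packets between two snapshots.
# Returns 2 if a snapshot has no input line, 3 if the counters went backwards.
hifn_delta() {
    set -- $(hifn_input "$1") $(hifn_input "$2")
    [ $# -eq 4 ] || { echo "no input line in snapshot" >&2; return 2; }
    db=$(($3 - $1)); dp=$(($4 - $2))
    # A negative delta means the counters were reset (reboot, driver reload).
    [ "$db" -ge 0 ] && [ "$dp" -ge 0 ] || { echo "counters reset between snapshots" >&2; return 3; }
    echo "bytes=$db packets=$dp"
}

# Snapshots from the message: ssh only (apache stopped) ...
SSH_BEFORE='input 485139168 bytes 1563934 packets
output 485139168 bytes 1563934 packets'
SSH_AFTER='input 485141328 bytes 1563962 packets
output 485141328 bytes 1563962 packets'
# ... and apache2 w/ssl only (ssh stopped).
TLS_BEFORE='input 485226224 bytes 1565175 packets
output 485226224 bytes 1565175 packets'
TLS_AFTER='input 485232512 bytes 1565205 packets
output 485232512 bytes 1565205 packets'

echo "ssh:   $(hifn_delta "$SSH_BEFORE" "$SSH_AFTER")"
echo "https: $(hifn_delta "$TLS_BEFORE" "$TLS_AFTER")"
```

A non-zero delta only shows that the card handled operations during the interval; it says which service caused them only when nothing else using crypto was running between the two snapshots.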