Date: Thu, 15 Apr 2004 14:05:18 -0400 From: andy@lewman.com To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: recommended SSL-friendly crypto accelerator Message-ID: <20040415180518.GA46433@phobos.osem.com> In-Reply-To: <20040415180317.GA2357@phobos.osem.com> References: <20040408144322.GA83448@bewilderbeast.blackhelicopters.org> <26486.1081437513@critter.freebsd.dk> <20040413181943.GA55219@bewilderbeast.blackhelicopters.org> <20040415030319.GA71038@phobos.osem.com> <6.0.3.0.0.20040414230754.07d7cf18@209.112.4.2> <20040415145148.GA99338@phobos.osem.com> <6.0.3.0.0.20040415105459.0477f488@209.112.4.2> <20040415180317.GA2357@phobos.osem.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Of course, after I send this, I realize I'm using aes-128 on the ssh side. Sorry, I can't reconfig the sshd right now, but will try later on tonight. -Andrew On Thu, Apr 15, 2004 at 02:03:17PM -0400, andy@lewman.com wrote 2.3K bytes in 76 lines about: : Yes, it appears to be both ssh and apache w/ssl. : : Here's ssh alone, from console, with single session login with rsa key: : : phobos# apachectl stop : phobos# ./hifnstats : input 485139168 bytes 1563934 packets : output 485139168 bytes 1563934 packets : invalid 0 nomem 0 abort 0 : noirq 0 unaligned 0 : totbatch 0 maxbatch 0 : nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 : : phobos# ./hifnstats : input 485141328 bytes 1563962 packets : output 485141328 bytes 1563962 packets : invalid 0 nomem 0 abort 0 : noirq 0 unaligned 0 : totbatch 0 maxbatch 0 : nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 : : with ssh stopped, apache2 w/ssl hitting an ssl enabled site on the : server: : : phobos# ./hifnstats : input 485226224 bytes 1565175 packets : output 485226224 bytes 1565175 packets : invalid 0 nomem 0 abort 0 : noirq 0 unaligned 0 : totbatch 0 maxbatch 0 : nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 : : <insert site hit here> : : phobos# ./hifnstats : input 485232512 bytes 1565205 packets : output 485232512 bytes 1565205 packets : invalid 0 nomem 0 abort 0 : noirq 0 unaligned 0 : totbatch 0 maxbatch 0 : nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 : : And for the heck of it, here's my crypto stats, but this doesn't mean : it's going through the card; if i'm understanding it correctly. : : ./cryptostats : 1565690 symmetric crypto ops (0 errors, 0 times driver blocked) : 5 key ops (5 errors, 0 times driver blocked) : 0 crypto dispatch thread activations : 5 crypto return thread activations : : : On Thu, Apr 15, 2004 at 11:05:30AM -0400, mike@sentex.net wrote 0.5K bytes in 16 lines about: : : At 10:51 AM 15/04/2004, andy@lewman.com wrote: : : >hifnstats shows decent amounts of traffic through it (at least : : >interrupts) however cryptokeytest doesn't work due to an unsupport call : : >apparently. : : > : : >Here's my hifnstats: : : > : : >input 476104224 bytes 1527365 packets : : >output 476104224 bytes 1527365 packets : : : : But is that your ssh session that is being accelerated ? To test, login : : via the console, or login using blowfish as the cipher. Then run hifnstats : : and make sure that the packet counters are not incrementing. Then do your : : https test. : : : : ---Mike : : -- : : _______________________________________________ : freebsd-security@freebsd.org mailing list : http://lists.freebsd.org/mailman/listinfo/freebsd-security : To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040415180518.GA46433>