Date: Fri, 24 Apr 2015 02:26:43 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Sydney Meyer <meyer.sydney@googlemail.com>, freebsd-net@freebsd.org Subject: Re: IPSec Performance under Xen Message-ID: <55397FB3.6080702@yandex.ru> In-Reply-To: <CF189888-FD6B-4407-8360-56206D49DD6D@gmail.com> References: <CF189888-FD6B-4407-8360-56206D49DD6D@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 24.04.2015 01:00, Sydney Meyer wrote:
> Hello,
>
> I have set up 2 VM's under Xen running each one IPSec-Endpoint.
> Everything seems to work fine, but (measured with benchmarks/iperf)
> the performance drops from ~10 Gb/s on a non-IPSec-Kernel to ~200
> Mb/s with IPSec compiled in, regardless of whether actually using
> IPSec or not.
Can you test this patch to see the difference? It isn't a fix. It is
just to see how will help avoiding of PCB check.
--- ip_output.c (revision 281867)
+++ ip_output.c (working copy)
@@ -482,7 +482,7 @@ again:
sendit:
#ifdef IPSEC
- switch(ip_ipsec_output(&m, inp, &flags, &error)) {
+ switch(ip_ipsec_output(&m, NULL, &flags, &error)) {
case 1:
goto bad;
case -1:
--
WBR, Andrey V. Elsukov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55397FB3.6080702>