OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Sam Leffler (sam_at_errno.com)
Date: Fri Feb 07 2003 - 15:30:54 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    > > 4.7-release does not have the new ipsec code. I can't recall if the
    > > crypto code got in.
    > >
    > > [...] In general I see 100% utilization of the crypto h/w under IPsec
    > > or user load when machines are connected back-to-back with gigE
    > > interfaces.
    >
    > What tools allow you to examine the utilization or performance of the
    > crypto hardware?

    I added code to timestamp crypto requests as they travel through the system.
    This is enabled/disabled with a sysctl. I then changed the cryptotest
    program found in the tools area to use this to collect "profiling" data when
    running tests. This, together with statistics collected by each driver, let
    me see how the h/w is performing. From certain of the times I can infer
    when the system is running at peak. If I correlate this with the system
    load I can tell farely well (I believe) whether the crypto h/w is fully
    utilized. The results of this work explain, for example, why the FreeBSD
    crypto code has diverged from OpenBSD and why it outperforms OpenBSD as much
    as 3x in some cases.

    I've also logged all the timestamp data and post-processed it to get useful
    data. I'm submitting a paper about this work soon.

        Sam

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message