On Thu, 2006-06-22 at 20:04 +0200, Hans-Joerg Hoexer wrote:
we are.
It would be great if you could explain us a little more about this?
BTW thanks for the great tool ipsecctl is!
Ciao
--
Massimo.run();
yes, the card needs to support all algorithms,
crypto_newsession() does this:
/*
* The algorithm we use here is pretty stupid; just use the
* first driver that supports all the algorithms we need. Do
* a double-pass over all the drivers, ignoring software ones
On Fri, 2006-06-23 at 10:00 +0200, Markus Friedl wrote:
yes, the card needs to support all algorithms,
crypto_newsession() does this:
/*
* The algorithm we use here is pretty stupid; just use the
* first driver that supports all the algorithms we need. Do
* a
On Wed, 2006-06-21 at 17:49 +0200, Bihlmaier Andreas wrote:
Sorry, for that but I thought it wouldn't matter:
I dont mean to offend you, but... i think test environment matter.
All hosts are in the same network and can talk directly to each other,
but for unsecure protocols (NFS, HTTP) I
On Thu, Jun 22, 2006 at 04:03:58PM +0200, Massimo Lusetti wrote:
On Wed, 2006-06-21 at 17:49 +0200, Bihlmaier Andreas wrote:
Sorry, for that but I thought it wouldn't matter:
I dont mean to offend you, but... i think test environment matter.
All hosts are in the same network and can
Bihlmaier Andreas wrote:
My problem with the speed is that compared to the performance I get out
of openssl (by USERcrypto) the IPSEC (in kernel) performance is terrible.
AFAIK right now it doesn't even make use of the crypto hardware because
I can get the same throughput with a comparable
Dries Schellekens wrote:
As I say earlier, the hardware is working, but the performance
bottleneck is elsewhere (presumably kernel crypto framework).
Sam Leffler of FreeBSD did some work in improving the performance of the
OpenBSD kernel crypto framework:
On Thu, Jun 22, 2006 at 05:08:07PM +0200, Dries Schellekens wrote:
Bihlmaier Andreas wrote:
My problem with the speed is that compared to the performance I get out
of openssl (by USERcrypto) the IPSEC (in kernel) performance is terrible.
AFAIK right now it doesn't even make use of the
Bihlmaier Andreas wrote:
As I say earlier, the hardware is working, but the performance
bottleneck is elsewhere (presumably kernel crypto framework).
I'm sorry, I didn't get it the first time, but I get it know :)
This is what I was seeking for, an answer.
Now I have to greatly improve my C
On Thu, Jun 22, 2006 at 10:22:08AM -0700, Joe wrote:
Dries Schellekens wrote:
Bihlmaier Andreas wrote:
As I say earlier, the hardware is working, but the performance
bottleneck is elsewhere (presumably kernel crypto framework).
I'm interested in purchasing one of these boards for my
On Thu, Jun 22, 2006 at 06:30:27PM +0200, Dries Schellekens wrote:
Bihlmaier Andreas wrote:
As I say earlier, the hardware is working, but the performance
bottleneck is elsewhere (presumably kernel crypto framework).
I'm sorry, I didn't get it the first time, but I get it know :)
This is
Bihlmaier Andreas [EMAIL PROTECTED] wrote:
Since I have no glue at all how IPSEC goes about looking for crypto
accelerator hardware and making use of it, I'm kind of stuck. Because
everything I have found so far by google and archives was that it should
just work.
Not directly applicable to
Bihlmaier Andreas wrote:
## openssl speed aes-128-cbc
type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes
aes-128 cbc 17311.15k18319.00k18569.35k18893.09k 18765.02k
## openssl speed aes-256-cbc
type 16 bytes 64 bytes256 bytes
On Wed, Jun 21, 2006 at 09:18:14AM +0200, Dries Schellekens wrote:
Bihlmaier Andreas wrote:
## openssl speed aes-128-cbc
type 16 bytes 64 bytes256 bytes 1024 bytes 8192
bytes
aes-128 cbc 17311.15k18319.00k18569.35k18893.09k 18765.02k
## openssl
Bihlmaier Andreas wrote:
I dont mean to offend you, but ...
Doh, I know that and these are VERY nice figures, BUT my problem is
that I have to slow (== no acceleration) speed in IPSEC.
I thought that OPenBSD would just make use of it (again in IPSEC) if it
detects it.
IPSEC always uses the
On Wed, 2006-06-21 at 13:48 +0200, Bihlmaier Andreas wrote:
I dont mean to offend you, but ...
Doh, I know that and these are VERY nice figures, BUT my problem is
that I have to slow (== no acceleration) speed in IPSEC.
I thought that OPenBSD would just make use of it (again in IPSEC) if it
On Wed, Jun 21, 2006 at 02:24:18PM +0200, Massimo Lusetti wrote:
On Wed, 2006-06-21 at 13:48 +0200, Bihlmaier Andreas wrote:
I dont mean to offend you, but ...
Doh, I know that and these are VERY nice figures, BUT my problem is
that I have to slow (== no acceleration) speed in IPSEC.
I
Bihlmaier Andreas wrote:
I use iperf -w 256k for testing purposes.
The speed between hosts/router using their real IPs (-B 10.0.0.*) is
about 70-80 Mb/s.
~22 Mb/s between host1 and host2 using their VPN IPs.
Hope this made some stuff more clear.
Thanks everyone for helping, I hope this can
On Wed, Jun 21, 2006 at 06:49:09PM +0200, Dries Schellekens wrote:
Bihlmaier Andreas wrote:
I use iperf -w 256k for testing purposes.
The speed between hosts/router using their real IPs (-B 10.0.0.*) is
about 70-80 Mb/s.
~22 Mb/s between host1 and host2 using their VPN IPs.
Hope this
On Wed, Jun 21, 2006 at 06:49:09PM +0200, Dries Schellekens wrote:
Bihlmaier Andreas wrote:
I use iperf -w 256k for testing purposes.
The speed between hosts/router using their real IPs (-B 10.0.0.*) is
about 70-80 Mb/s.
~22 Mb/s between host1 and host2 using their VPN IPs.
Hope this
20 matches
Mail list logo