Hi Peter,
I will try to add the requested configurability.
The ticket number is SFJ-52.
Best regards,
Frank
Am 02.11.2011 13:36, schrieb Peter Verthez:
> Hi Frank,
>
> To elaborate on this (because the context wasn't really explained in the
> original mail of Jones):
>
> We found that in performance tests on our product (with a big number of
> agents) that there was a high thread contention for SNMPv3 managed
> agents. A jstack showed that a lot of our threads were running in the
> following stack frame at the moment of the jstack, which indicates that
> this functionality generates a relatively big load:
>
> "JM-282" prio=3 tid=0x000000013f032800 nid=0x391 runnable
> [0xfffffffc89f38000]
> java.lang.Thread.State: RUNNABLE
> at sun.security.pkcs11.wrapper.PKCS11.C_DestroyObject(Native Method)
> at sun.security.pkcs11.SessionKeyRef.dispose(P11Key.java:1070)
> at
> sun.security.pkcs11.SessionKeyRef.drainRefQueueBounded(P11Key.java:1046)
> at sun.security.pkcs11.SessionKeyRef.<init>(P11Key.java:1061)
> at sun.security.pkcs11.P11Key.<init>(P11Key.java:97)
> at sun.security.pkcs11.P11Key$P11SecretKey.<init>(P11Key.java:374)
> at sun.security.pkcs11.P11Key.secretKey(P11Key.java:266)
> at
> sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:222)
> at
> sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:131)
> at sun.security.pkcs11.P11Cipher.engineGetKeySize(P11Cipher.java:828)
> at javax.crypto.Cipher.b(DashoA13*..)
> at javax.crypto.Cipher.a(DashoA13*..)
> at javax.crypto.Cipher.a(DashoA13*..)
> at javax.crypto.Cipher.a(DashoA13*..)
> - locked<0xfffffffd81aa1ca8> (a java.lang.Object)
> at javax.crypto.Cipher.init(DashoA13*..)
> at javax.crypto.Cipher.init(DashoA13*..)
> at org.snmp4j.security.PrivDES.encrypt(PrivDES.java:111)
> at org.snmp4j.security.USM.generateResponseMessage(USM.java:461)
> at org.snmp4j.security.USM.generateRequestMessage(USM.java:215)
> at org.snmp4j.mp.MPv3.prepareOutgoingMessage(MPv3.java:767)
> at
> org.snmp4j.MessageDispatcherImpl.sendPdu(MessageDispatcherImpl.java:444)
> at org.snmp4j.Snmp.sendMessage(Snmp.java:1067)
> at org.snmp4j.Snmp.send(Snmp.java:895)
> - locked<0xfffffffd81aa2068> (a org.snmp4j.Snmp$SyncResponseListener)
> at org.snmp4j.Snmp.send(Snmp.java:875)
>
> Originally, our performance team pointed in the direction of SNMP4J,
> saying that SNMP4J should probably not call Cipher.init() so much, but I
> could show them that section 8.1.1.1 in RFC 2574 requires to init the
> Cipher for each packet separately.
>
> So then we started looking at alternatives, and we found that if we
> hacked SNMP4J to use the Apache BouncyCastle security provider, the
> thread contention was gone and our application behaved properly. So
> presumably the Sun JCE security provider that is used by default by
> SNMP4J is not very optimally written.
>
> Now, we would not like to have to maintain our own patch on SNMP4J, so
> that is where the question from Jones came from: we tried to change the
> default security provider that SNMP4J uses without touching SNMP4J's
> code, but Security.insertProviderAt() apparently doesn't help in that
> even if we insert the provider at position 0.
>
> Could an API be added to permit applications to change the security
> provider that SNMP4J uses?
>
> Best regards,
> Peter.
>
>
> On 24/10/2011 9:00, jones vinu wrote:
>> Hi Frank,
>> We would want to change the Cipher encryption provider in our
>> application used by snmp4j since the Sun JCE provider is heavy weight . But
>> unfortunately we have not been able to change it without modifying snmp4j
>> since the Sun JCE provider is considered as the default provider even when
>> we insert Apache bouncy castle as the first priority provider. Hence it
>> would be good if we have option to configure the provider as a Configurable
>> parameter in some property file.
>>
>> Security.insertProviderAt(new BouncyCastleProvider(), 0);
>> try {
>> Cipher alg = Cipher.getInstance("DESede/CBC/NoPadding");
>> System.out.println(alg.getProvider());
>> } catch (NoSuchAlgorithmException e) {
>> // TODO Auto-generated catch block
>> e.printStackTrace();
>> } catch (NoSuchPaddingException e) {
>> // TODO Auto-generated catch block
>> e.printStackTrace();
>> }
>> Output :SunJCE version 1.6
>>
>> And using it as
>> Cipher alg = Cipher.getInstance("DESede/CBC/NoPadding","BC");
>> Output :BC version 1.4
>>
>> Thanks
>> Jones
>>
>> _______________________________________________
>> SNMP4J mailing list
>> SNMP4J@agentpp.org
>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>
_______________________________________________
SNMP4J mailing list
SNMP4J@agentpp.org
http://lists.agentpp.org/mailman/listinfo/snmp4j
