Date: Wed, 20 Aug 2003 08:53:49 -0700 From: Sam Leffler <sam@errno.com> To: freebsd-net@freebsd.org, freebsd-arch@freebsd.org Subject: CFR: fast ipsec locking Message-ID: <508312264.1061369629@melange.errno.com>
next in thread | raw e-mail | index | archive | help
http://www.freebsd.org/~sam/fastipsec.patch These changes add locking and cleanup some of the infrastructure; e.g. to do better accounting of dynamically allocated data structures. Basic operation is well-tested but I haven't done extensive testing of the re-keying (e.g. with racoon). There is one known performance bottleneck: the lock in the ipsecrequest structure is held for every outbound packet to guard against modification to the data structure. This looks to be fixable by redoing the SADB but won't happen for a while. Note that with these changes much of fast ipsec runs Giant-free because the crypto code is already Giant-free. I did some performance measurements a while back with this code and a Giant-free em driver and got netperf results over a h/w-accelerated 3DES+SHA1 tunnel that was about the same as -stable. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?508312264.1061369629>