From owner-freebsd-current@FreeBSD.ORG Tue Aug 3 15:17:45 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1EBBE16A4CE; Tue, 3 Aug 2004 15:17:45 +0000 (GMT) Received: from avscan2.sentex.ca (avscan2.sentex.ca [199.212.134.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9855F43D46; Tue, 3 Aug 2004 15:17:44 +0000 (GMT) (envelope-from mike@sentex.net) Received: from localhost (localhost.sentex.ca [127.0.0.1]) by avscan2.sentex.ca (8.12.11/8.12.11) with ESMTP id i73FHhgm035825; Tue, 3 Aug 2004 11:17:43 -0400 (EDT) (envelope-from mike@sentex.net) Received: from avscan2.sentex.ca ([127.0.0.1]) by localhost (avscan2.sentex.ca [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 35748-01; Tue, 3 Aug 2004 11:17:43 -0400 (EDT) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by avscan2.sentex.ca (8.12.11/8.12.11) with ESMTP id i73FHhr3035788; Tue, 3 Aug 2004 11:17:43 -0400 (EDT) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.11/8.12.11) with ESMTP id i73FHaeS037091; Tue, 3 Aug 2004 11:17:36 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <6.1.2.0.0.20040803092531.08ffed10@64.7.153.2> X-Sender: mdtpop@64.7.153.2 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0 Date: Tue, 03 Aug 2004 11:22:41 -0400 To: Norikatsu Shigemura From: Mike Tancsa In-Reply-To: <20040803214133.31dd9b03.nork@FreeBSD.org> References: <20040803214133.31dd9b03.nork@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by amavisd-new X-Virus-Scanned: by amavisd-new at avscan2b cc: freebsd-current@freebsd.org Subject: Re: OpenSSL with hifn(4) (cryptodev) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Aug 2004 15:17:45 -0000 At 08:41 AM 03/08/2004, Norikatsu Shigemura wrote: >Hi sam! > > I have two Soekris vpn1401 crypto accelerator cards. I installed > these to 4-stable machine and 5-current machine. Hi, Not all things are accelerated in openssl. Also depending on the CPU you use, it wont be faster and might even be slower. Where you really win is with concurrent jobs. In our app, our backup server takes several ssh streams of dump and tar. The P4 2.4 keeps up just fine even when 50Mb/s of traffic is coming in with the card, but is too taxed without it. Try the following tests Create a test file first dd if=/dev/urandom of=/tmp/big bs=1024k count=100 time /usr/bin/openssl enc -des3 -in /tmp/big -out /dev/null -k test with and without acceleration. The contrast is even greater, if you run /usr/bin/openssl enc -des3 -in /tmp/big -out /dev/null -k test & /usr/bin/openssl enc -des3 -in /tmp/big -out /dev/null -k test & /usr/bin/openssl enc -des3 -in /tmp/big -out /dev/null -k test & and watch the load avg and the time to completion. You can compile the program /usr/src/tools/tools/crypto/hifnstats.c which will spit out simple stats about the card. If you are using one of the newer HiFn cards, it will work with aes256 as well as des3. One caveat is that with the newer cards, I keep running into a fairly easily repeatable bug. (perhaps 2). On OpenBSD and FreeBSD I run into http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=3739 And this one is new and might be relevant to the FreeBSD driver as well http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=3873 There is also http://www.monkey.org/openbsd/archive/misc/0408/msg00008.html ... Not sure if its applicable or not yet. ---Mike