From: Sam Leffler
Organization: Errno Consulting
To: Robert Watson, Rumen Telbizov
cc: stable@freebsd.org
Date: Mon, 26 Jan 2004 10:42:11 -0800
Subject: Re: FreeBSD + Rainbow Cryptoswift
Message-Id: <200401261042.11992.sam@errno.com>
List-Id: Production branch of FreeBSD source code

On Monday 26 January 2004 10:25 am, Robert Watson wrote:
> On Mon, 26 Jan 2004, Rumen Telbizov wrote:
> > Thanks for the reply Mike.
> >
> > I took a look at those cards (vpn1201 and vpn1211). They don't seem to
> > have AES support and only support 2-8 RSA connections/sec. Rainbow say
> > that their cards support 1000 RSA connections/sec which is quite
> > astonishing. The vpn1401 and vpn1411 seem to have better performance
> > but as you said the hifn(4) driver support is broken for those :(
>
> Poul-Henning recently sent me some performance numbers from his initial
> work to hook GEOM up to the AES support in the crypto framework using the
> VPN1401/1411. He didn't seem to report any brokenness in the driver in
> -CURRENT. The support may not yet have been MFC'd to -STABLE yet,
> however. I've CC'd Sam since his fingerprints are all over the code in
> question. :-)

Asymmetric crypto calculations are presently very slow because the code is
unchanged from OpenBSD. Each operation malloc's several buffers and requires
multiple context switches to ensure the mallocs can be done in a blockable
context. In addition the asymmetric crypto handling code has not been
optimized using the techniques applied to the symmetric crypto code paths.
If these issues were addressed we'd probably get similar results.

Not sure about the comment about the hifn driver being broken. If there's
something wrong no one's reported it to me.

Sam