Hi, On Tue, Aug 05, 2014 at 03:21:39PM -0500, Les Mikesell wrote: > I don't know enough about the rekeying process to know it this is > feasible, but it seems like there should be a way to use something > like apache's prefork model to spin off some number of processes to do > the cpu-intensive parts without a lot of change to the base code or > the complications of making everything thread-safe. And let the OS > spread the processes over different CPUs.
Each worker needs to know about SSL state, replay protection, IP routing
information, etc. - so it won't be much easier than careful usage of
threads for stuff like "here's a packet, go decrypt and hand back to
me for routing" or "here's a packet, go encrypt and stuff down *that*
socket".
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgpRunwEw1lon.pgp
Description: PGP signature
------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
