Hi, On Tue, Aug 05, 2014 at 03:21:39PM -0500, Les Mikesell wrote: > I don't know enough about the rekeying process to know it this is > feasible, but it seems like there should be a way to use something > like apache's prefork model to spin off some number of processes to do > the cpu-intensive parts without a lot of change to the base code or > the complications of making everything thread-safe. And let the OS > spread the processes over different CPUs.
Each worker needs to know about SSL state, replay protection, IP routing information, etc. - so it won't be much easier than careful usage of threads for stuff like "here's a packet, go decrypt and hand back to me for routing" or "here's a packet, go encrypt and stuff down *that* socket". gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpRunwEw1lon.pgp
Description: PGP signature
------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users