Re: Bug#552270: Marvell CESA driver and Kirkwood
* Uri Simchoni | 2010-04-22 06:23:12 [+0300]: I have some IPSec background but am not familiar with the Linux implementation (I'm using the mv_cesa for SSL acceleration through a usermode interface I'm working on). Can you point me to the nearest howto? I suppose I could have a look. If it is possible, please post some patches which describe the user land interface. For IPSec I use this[0] shell script which sets up a connection. Good for testing :) So you need two boxes, start the script on both machines and the first ping that reached my orion box triggered that error. I just sent something that looked like a fix. I enabled list and sg debugging and a flood ping triggered a couple of warning. Could you please look at this? IPsec requests authenc(hmac(sha1),cbc(aes)) so right now it reqeusts two cesa provided algorithms. A single ping results in around 30ms RTT. Disabling hmac(sha1) gives me less than 1ms. Implementing authenc() for IPsec should speed things up. Right I'm stuck with hacking DMA support. For now I think lowering priority of hmac() should fix the problem. A direct request mv-hmac-sha1 should still returned the mv driver. What do you thing? Need to run now Thanks, Uri. Sebastian -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Bug#552270: Marvell CESA driver and Kirkwood
* Sebastian Andrzej Siewior | 2010-04-24 17:12:07 [+0200]: For IPSec I use this[0] shell script which sets up a connection. Good for [0] http://breakpoint.cc/ipsec.sh Sebastian -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Bug#552270: Marvell CESA driver and Kirkwood
On 4/24/2010 6:12 PM, Sebastian Andrzej Siewior wrote: * Uri Simchoni | 2010-04-22 06:23:12 [+0300]: For IPSec I use this[0] shell script which sets up a connection. Good for testing :) Thanks, That'll save time setting it up... I enabled list and sg debugging and a flood ping triggered a couple of warning. Could you please look at this? Sure. IPsec requests authenc(hmac(sha1),cbc(aes)) so right now it reqeusts two cesa provided algorithms. A single ping results in around 30ms RTT. Since the CESA does each operation faster than sw (at least when the packet size exceeds some threshold), I see no reason for it to slow the process down. The slowness probably is somehow caused by the same thing that causes the oops, or by debug warning prints. Disabling hmac(sha1) gives me less than 1ms. Implementing authenc() for IPsec should speed things up. Right I'm stuck with hacking DMA support. Well, so far I wasn't able to figure out how it all fits together - sure, the CESA can do AES-CBC+HMAC-SHA1 in one run, but I'm not sure it's suitable for IPSec, or that the crypto infrastructure supports a HW driver for combined operation. (the CESA is probably not suitable for SSL because of alignment problems, IPSec is better in that respect). For now I think lowering priority of hmac() should fix the problem. A direct request mv-hmac-sha1 should still returned the mv driver. What do you thing? I think there's a bug here I should find and fix. Till then perhaps the mv-hmac-sha1 driver should not be registered at all. Need to run now Thanks, Uri. Sebastian -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html