On 6/5/16 2:17 PM, Roman Mamedov wrote: > On Sun, 5 Jun 2016 13:28:04 +0200 > "Fabio Pietrosanti (naif) - lists" <li...@infosecurity.ch> wrote: > >> I had to install to get the hw acceleration library: >> Tor version 0.2.8.1-alpha (git-9093e3769746742f). > > Which OS do you use? > > In my experience I had to recompile OpenSSL with the Padlock patch: > https://romanrm.net/openssl-padlock > And then Tor would simply crash if such patched OpenSSL is installed and > HardwareAccel is enabled in torrc. However I did not try the 0.2.8.1-alpha.
Yes, that's the way i've done the setup Tor+OpenSSL: cd sudo DEBIAN_FRONTEND=noninteractive apt-get update sudo DEBIAN_FRONTEND=noninteractive apt-get --yes --force-yes install checkinstall build-essential sudo DEBIAN_FRONTEND=noninteractive apt-get --yes --force-yes build-dep openssl sudo rm -rf ~/openssl git clone https://github.com/openssl/openssl.git cd openssl sudo ./config sudo make sudo make test sudo checkinstall sudo rm -rf ~/openssl sudo mv /usr/bin/c_rehash /usr/bin/c_rehashBACKUP sudo mv /usr/bin/openssl /usr/bin/opensslBACKUP sudo ln -s /usr/local/ssl/bin/c_rehash /usr/bin/c_rehash sudo ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl openssl version apt-cache show openssl root@dedi-fr-23644:~# root@dedi-fr-23644:~# openssl version OpenSSL 1.1.0-pre3-dev xx XXX xxxx root@dedi-fr-23644:~# openssl engine padlock (padlock) VIA PadLock (no-RNG, ACE) # Tor apt-get install libevent-dev wget https://www.torproject.org/dist/tor-0.2.8.1-alpha.tar.gz cd tor-0.2.8.1-alpha apt-get install zlib1g zlib1g-dev ./configure --with-openssl-dir=/usr/local/openssl --enable-static-openssl make make install mv /usr/bin/tor /usr/bin/tor.orig ln -s /etc/tor/torrc /usr/local/etc/tor/torrc # Edit /etc/tor/torrc and add HardwareAccel 1 AccelName padlock /usr/local/bin/tor -f /etc/tor/torrc & > >> In /etc/tor/torrc: >> HardwareAccel 1 >> AccelName padlock > > Do you get messages about successfully using 'padlock' in /var/log/tor/log? Yes root@dedi-fr-23644:~# zgrep -i padlock /var/log/tor/log* /var/log/tor/log:Jun 05 16:58:27.000 [notice] Default OpenSSL engine for AES-128-ECB is VIA PadLock (no-RNG, ACE) [padlock] > >> I see with iptraf 60.000kbit/s peak with 30% uses of main CPU. > > Do you mean 60 Mbit? If so, then that's a very good result for only 30% CPU. It means that the padlock is doing it's job in making crypto acceleration. > >> I'm wondering if that small boxes are hitting a limit of the hardware >> acceleration or limit of the provider or Tor network itself. > > Remember the Tor network won't instantly use 100% of your CPU or bandwidth > capabilities, it will take time to ramp up to speed: > https://blog.torproject.org/blog/lifecycle-of-a-new-relay > >> There's a way to measure the uses of the hw acceleration given by the >> Via Padlock, if it's at 10% of it's capacity or 100% ? > > There is no way, the only hint you have is the general CPU load. That's the point, i want to measure how the padlock hw accel is performing, to understand if it does hit it's limits or not. I think that we need to find a way > -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
