On Mon, Oct 08, 2007 at 11:19:26AM +1000, David McCullough wrote: > > I have to agree, you cannot queue crypto forever (no drops), it's too > slow. This is not what the backlog does. The backlog guarantees that each tfm can queue at least one request if necessary. This is needed for users such as dm-crypt. > There is a similar queue in OCF and unless you put a limit on it's size > you can easily run you system out of memory. The Q needs a configurable > limit of some kind. Flood ping an ipsec tunnel and the crypto is where > all the data will bank up. This is how it works here too. A queue with a configurable limit plus the backlog which is bounded by the number of tfm objects. > If I understand what you are asking Evgeniy to do, you will be > putting the logic for managing the Q into every driver. Sounds like > something that needs to move up a level ? No the logic is in the helpers. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
