On 4/24/2010 6:12 PM, Sebastian Andrzej Siewior wrote: > * Uri Simchoni | 2010-04-22 06:23:12 [+0300]: > > For IPSec I use this[0] shell script which sets up a connection. Good for > testing :) Thanks, That'll save time setting it up... > I enabled list and sg debugging and a flood ping triggered a couple of > warning. Could you please look at this? Sure. > > IPsec requests authenc(hmac(sha1),cbc(aes)) so right now it reqeusts two > cesa provided algorithms. A single ping results in around 30ms RTT. Since the CESA does each operation faster than sw (at least when the packet size exceeds some threshold), I see no reason for it to slow the process down. The slowness probably is somehow caused by the same thing that causes the oops, or by debug warning prints. > Disabling hmac(sha1) gives me less than 1ms. > Implementing authenc() for IPsec should speed things up. Right I'm stuck > with hacking DMA support. Well, so far I wasn't able to figure out how it all fits together - sure, the CESA can do AES-CBC+HMAC-SHA1 in one run, but I'm not sure it's suitable for IPSec, or that the crypto infrastructure supports a HW driver for combined operation. (the CESA is probably not suitable for SSL because of alignment problems, IPSec is better in that respect). > > For now I think lowering priority of hmac() should fix the problem. A > direct request "mv-hmac-sha1" should still returned the mv driver. What > do you thing? > I think there's a bug here I should find and fix. Till then perhaps the mv-hmac-sha1 driver should not be registered at all. > Need to run now.... > >> Thanks, >> Uri. > > Sebastian -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html