Am Sonntag, 22. Februar 2015, 22:26:32 schrieb Nikos Mavrogiannopoulos: Hi Nikos, > On Sun, 2015-02-22 at 16:04 +0100, Stephan Mueller wrote: > > Am Sonntag, 22. Februar 2015, 18:32:34 schrieb sri sowj: > > > > Hi sri, > > > > > Hi Stephen, > > > > > > It was a great information with respective PF_ALG , I have explored a > > > bit on openssl and algorithms prospect , Please let me know if > > > anything to add to it. > > > > > > openssl crypto engine: > > > > > > below are the steps to enable openssl to communicate using pf/af_alg. > > > > > > #1:git clone http://src.carnivore.it/users/common/af_alg/ > > > > Yes, that is it. But it is not fully efficient as it does not use vmsplice > > where appropriate. So, libkcapi should be faster in several use cases. > > When would vmsplice be appropriate? As far as I understand vmsplice adds > a cost on operations for small data, which is the majority of use cases > in crypto. In the measurements I did for cryptodev-linux [0] vmsplice > did improve performance only for more than 64k packets which is never > the case with real world crypto (TLS has a maximum of 14k for example). According to my measurements, I have the following heuristic for symmetric ciphers: if the ciphertext is less than 1<<13, then use one sendmsg call. Otherwise use vmsplice. For AEAD, my library uses 3 IOVecs which means that sendmsg is faster in any case (the overhead for setting up 3 IOVecs in kernel space for vmsplice is higher than sendmsg copy). For hashes, I yet have to make the measurements. > > regards, > Nikos > > [0]. http://cryptodev-linux.org/comparison.html > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-crypto" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html