Re: communicating from the user space

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Sonntag, 22. Februar 2015, 22:26:32 schrieb Nikos Mavrogiannopoulos:

Hi Nikos,

> On Sun, 2015-02-22 at 16:04 +0100, Stephan Mueller wrote:
> > Am Sonntag, 22. Februar 2015, 18:32:34 schrieb sri sowj:
> > 
> > Hi sri,
> > 
> > > Hi Stephen,
> > > 
> > > It was a great information with respective PF_ALG , I have explored a
> > > bit on openssl and algorithms prospect , Please let me know if
> > > anything to add to it.
> > > 
> > > openssl crypto engine:
> > > 
> > > below are the steps to enable openssl to communicate using pf/af_alg.
> > > 
> > > #1:git clone http://src.carnivore.it/users/common/af_alg/
> > 
> > Yes, that is it. But it is not fully efficient as it does not use vmsplice
> > where appropriate. So, libkcapi should be faster in several use cases.
> 
> When would vmsplice be appropriate? As far as I understand vmsplice adds
> a cost on operations for small data, which is the majority of use cases
> in crypto. In the measurements I did for cryptodev-linux [0] vmsplice
> did improve performance only for more than 64k packets which is never
> the case with real world crypto (TLS has a maximum of 14k for example).

According to my measurements, I have the following heuristic for symmetric 
ciphers: if the ciphertext is less than 1<<13, then use one sendmsg call. 
Otherwise use vmsplice.

For AEAD, my library uses 3 IOVecs which means that sendmsg is faster in any 
case (the overhead for setting up 3 IOVecs in kernel space for vmsplice is 
higher than sendmsg copy).

For hashes, I yet have to make the measurements.
> 
> regards,
> Nikos
> 
> [0]. http://cryptodev-linux.org/comparison.html
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


-- 
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux