* Uri Simchoni | 2010-04-24 21:43:35 [+0300]: Sorry for the late reply.
>> I enabled list and sg debugging and a flood ping triggered a couple of >> warning. Could you please look at this? >Sure. It seems that everything is working now. >> IPsec requests authenc(hmac(sha1),cbc(aes)) so right now it reqeusts two >> cesa provided algorithms. A single ping results in around 30ms RTT. >Since the CESA does each operation faster than sw (at least when the packet >size exceeds some threshold), I see no reason for it to slow the process down. >The slowness probably is somehow caused by the same thing that causes the >oops, or by debug warning prints. Yup looks like it. >> Disabling hmac(sha1) gives me less than 1ms. >> Implementing authenc() for IPsec should speed things up. Right I'm stuck >> with hacking DMA support. >Well, so far I wasn't able to figure out how it all fits together - sure, the >CESA can do AES-CBC+HMAC-SHA1 in one run, but I'm not sure it's suitable for >IPSec, or that the crypto infrastructure supports a HW driver for combined >operation. (the CESA is probably not suitable for SSL because of alignment >problems, IPSec is better in that respect). It does, AEAD is just for this purpose. The FSL talitos driver does this. Not sure if it is the only one. I try to hack DMA support before I focus on this. >>> Thanks, >>> Uri. Sebastian -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
