Re: [Openvpn-devel] linux openvpn development job

2009-04-29 Thread Benny Amorsen
"Karl O. Pinc" writes: > Doesn't the kernel care whether userspace has direct access to > hardware? If userspace has the right privileges, then no. The X server is an example of this. > Seems to me that the kernel does more than abstract hardware, it also > protects hardware by managing concurr

Re: [Openvpn-devel] linux openvpn development job

2009-04-29 Thread Karl O. Pinc
On 04/29/2009 09:09:31 AM, Benny Amorsen wrote: Siim Põder writes: > Are you sure crypto accelerators allow DMA from user memory? I don't > know for sure either, but I would suspect that they would work like any > other device: copy to kernel, DMA to device, DMA back to kernel, copy to > user.

Re: [Openvpn-devel] linux openvpn development job

2009-04-29 Thread Benny Amorsen
Siim Põder writes: > Are you sure crypto accelerators allow DMA from user memory? I don't > know for sure either, but I would suspect that they would work like any > other device: copy to kernel, DMA to device, DMA back to kernel, copy to > user. Devices don't care if memory belongs to user or k

Re: [Openvpn-devel] linux openvpn development job

2009-04-29 Thread Siim Põder
Hi David Sommerseth wrote: > The HW accelerator will not have that extreme processing power as an HSM, > but as they are working on the same internal bus as the rest of the > hardware and closer to the encryption/decryption needing software, it can > transfer smaller packages much more quickly and

Re: [Openvpn-devel] linux openvpn development job

2009-04-28 Thread David Sommerseth
Siim Põder wrote: > Hi > > Karl O. Pinc wrote: >> On 04/28/2009 07:43:47 AM, Siim Põder wrote: >>> Karl O. Pinc wrote: >> I believe you, but you lost me when it comes to the explanation. What >> do ssh and grep have to do with adding a hardware encryption card? >> (I think maybe you're thinking I

Re: [Openvpn-devel] linux openvpn development job

2009-04-28 Thread Karl O. Pinc
On 04/28/2009 02:40:43 PM, Siim Põder wrote: Yes, I was still talking about additional boxes. HW encryption (as I see it) will not help at all, because by the current design, all packets need to come to userland and go back to kernelland. Most likely to talk to the HW encryption device, another

Re: [Openvpn-devel] linux openvpn development job

2009-04-28 Thread Siim Põder
Hi Karl O. Pinc wrote: > On 04/28/2009 07:43:47 AM, Siim Põder wrote: >> Karl O. Pinc wrote: > I believe you, but you lost me when it comes to the explanation. What > do ssh and grep have to do with adding a hardware encryption card? > (I think maybe you're thinking I'm still talking about additio

Re: [Openvpn-devel] linux openvpn development job

2009-04-28 Thread Karl O. Pinc
On 04/28/2009 07:43:47 AM, Siim Põder wrote: Hi Karl O. Pinc wrote: > So, I believe it's easy and cheap to add hardware > to an OpenVPN box and create a situation where > the kernel/userspace transition cost does matter. It's easy and cheap if you add a second box or third. But if you are appro

Re: [Openvpn-devel] linux openvpn development job

2009-04-28 Thread Siim Põder
Hi Karl O. Pinc wrote: > So, I believe it's easy and cheap to add hardware > to an OpenVPN box and create a situation where > the kernel/userspace transition cost does matter. It's easy and cheap if you add a second box or third. But if you are approaching tens of openvpn boxes (at various locatio

Re: [Openvpn-devel] linux openvpn development job

2009-04-27 Thread Karl O. Pinc
On 04/27/2009 03:45:58 AM, Benny Amorsen wrote: It seems that OpenVPN is quite far away from the theoretical performance where kernel-userspace-kernel copying becomes an issue. Right now encryption is quite expensive, except on a few platforms with dedicated AES instructions. Dedicated encry

Re: [Openvpn-devel] linux openvpn development job

2009-04-27 Thread Benny Amorsen
David Sommerseth writes: > What if OpenVPN on selected platforms also provided its own kernel driver > which would do practically the same as the upstream tun.ko modules - > except it provides a direct API which OpenVPN can utilize, to avoid the > kernel-userspace-kernel ping-pong. It seems tha

Re: [Openvpn-devel] linux openvpn development job

2009-04-26 Thread James MacLean
Karl O. Pinc wrote on 25/04/2009 7:42 PM: On 04/25/2009 12:50:26 PM, David Sommerseth wrote: Karl O. Pinc wrote: On 04/24/2009 07:40:02 AM, Siim Põder wrote: [snip] Please pardon me for thinking out loud here... I'll follow in this path, thinking out loud ...

Re: [Openvpn-devel] linux openvpn development job

2009-04-25 Thread Karl O. Pinc
On 04/25/2009 12:50:26 PM, David Sommerseth wrote: Karl O. Pinc wrote: > On 04/24/2009 07:40:02 AM, Siim Põder wrote: [snip] > Please pardon me for thinking out loud here... I'll follow in this path, thinking out loud ... > The problem is that moving data between userspace and kernelspace >

Re: [Openvpn-devel] linux openvpn development job

2009-04-25 Thread David Sommerseth
Karl O. Pinc wrote: > On 04/24/2009 07:40:02 AM, Siim Põder wrote: [snip] > Please pardon me for thinking out loud here... I'll follow in this path, thinking out loud ... > The problem is that moving data between userspace and kernelspace > is expensive. (IIRC you can't just use the CPU to fi

Re: [Openvpn-devel] linux openvpn development job

2009-04-25 Thread Karl O. Pinc
On 04/24/2009 07:40:02 AM, Siim Põder wrote: Hi We are running a couple of openvpn servers with relatively high load (Opterons 2xDC, e1000, recent kernels) and it seems as if most of the CPU time is not used on cryptography, but in softirq (send/recv for udp and read/write on tun?). This has l

[Openvpn-devel] linux openvpn development job

2009-04-24 Thread Siim Põder
Hi We are running a couple of openvpn servers with relatively high load (Opterons 2xDC, e1000, recent kernels) and it seems as if most of the CPU time is not used on cryptography, but in softirq (send/recv for udp and read/write on tun?). This has led us to suspect that most of the time is spent