| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190423162521.sn4lfd5iia566f44@breakpoint.cc>
Date: Tue, 23 Apr 2019 18:25:21 +0200
From: Florian Westphal <fw@...len.de>
To: Vakul Garg <vakul.garg@....com>
Cc: Florian Westphal <fw@...len.de>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: ipsec tunnel performance degrade
Vakul Garg <vakul.garg@....com> wrote:
> > Vakul Garg <vakul.garg@....com> wrote:
> > > > Do you use xfrm interfaces?
> > >
> > > I don't think so. I use setkey to create policies/SAs.
> > > Can you please give me some hint about it?
> >
> > Then you're not using ipsec interfaces.
> >
> Instead of creating policies/SA using setkey, I shifted to using 'ip xfrm' commands.
> With this, I get good performance improvement (20% better in one case).
> Now xfrm_state_find() function is not taking much cpu.
Thats very strange, I have no explanation for this.
It would be good to find the cause, PF_KEY and 'ip xfrm'
are just different control plane frontends, they should have no impact
on data path performance.
> Is this what you meant by 'xfrm interfaces'?
No, i meant the xfrm network interfaces that were added recently, see
net/xfrm/xfrm_interface.c
> > I have no further suggestions. I don't know yet when I will have time to look
> > into refcnt optimizations.
> >
> > Idea would be to make them same as dev_hold/put.
>
> I will try to address it. Can you provide some guidance? Thanks.
I will try to make ugly POC hack tomorrow that should
illustrate the general idea (and caveats/bugs that need fixing).
Powered by blists - more mailing lists