lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 17 Jan 2020 16:28:54 +0530
From:   Ayush Sawal <ayush.sawal@...cdesigners.com>
To:     Steffen Klassert <steffen.klassert@...unet.com>
Cc:     ayush.sawal@...cdesigners.com,
        Herbert Xu <herbert@...dor.apana.org.au>,
        linux-crypto@...r.kernel.org, manojmalviya@...lsio.com,
        Ayush Sawal <ayush.sawal@...lsio.com>, netdev@...r.kernel.org
Subject: Re: Advertise maximum number of sg supported by driver in single
 request

Hi steffen,

On 1/17/2020 12:34 PM, Steffen Klassert wrote:
> On Fri, Jan 17, 2020 at 12:13:07PM +0530, Ayush Sawal wrote:
>> Hi Herbert,
>>
>> On 1/17/2020 11:53 AM, Herbert Xu wrote:
>>> On Thu, Jan 16, 2020 at 01:27:24PM +0530, Ayush Sawal wrote:
>>>> The max data limit is 15 sgs where each sg contains data of mtu size .
>>>> we are running a netperf udp stream test over ipsec tunnel .The ipsec tunnel
>>>> is established between two hosts which are directly connected
>>> Are you actually getting 15-element SG lists from IPsec? What is
>>> generating an skb with 15-element SG lists?
>> we have established the ipsec tunnel in transport mode using ip xfrm.
>> and running traffic using netserver and netperf.
>>
>> In server side we are running
>> netserver -4
>> In client side we are running
>> "netperf -H <serverip> -p <port> -t UDP_STREAM  -Cc -- -m 21k"
>> where the packet size is 21k ,which is then fragmented into 15 ip fragments
>> each of mtu size.
> I'm lacking a bit of context here, but this should generate 15 IP
> packets that are encrypted one by one.
This is what i observed ,please correct me if i am wrong.
The packet when reaches esp_output(),is in socket buffer and based on 
the number of frags ,sg is initialized  using
sg_init_table(sg,frags),where frags are 15 in our case.

The socket buffer data is then copied to this sg and then struct 
aead_request members are filled.
After this crypto aead request which contains all data in its sg list 
goes to hw crypto driver for encryption in a single request.

In the crypto driver we are receiving a single aead-request with all 15 
sgs in that request.

Thanks,

Ayush

Powered by blists - more mailing lists