CFR: fast ipsec locking
From: Sam Leffler (sam_at_errno.com)
Date: 08/20/03
- Previous message: Sam Leffler: "CFR: fastforwarding locking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 20 Aug 2003 08:53:49 -0700 To: freebsd-net@freebsd.org, freebsd-arch@freebsd.org
http://www.freebsd.org/~sam/fastipsec.patch
These changes add locking and cleanup some of the infrastructure; e.g. to
do better accounting of dynamically allocated data structures.
Basic operation is well-tested but I haven't done extensive testing of the
re-keying (e.g. with racoon). There is one known performance bottleneck:
the lock in the ipsecrequest structure is held for every outbound packet to
guard against modification to the data structure. This looks to be fixable
by redoing the SADB but won't happen for a while. Note that with these
changes much of fast ipsec runs Giant-free because the crypto code is
already Giant-free. I did some performance measurements a while back with
this code and a Giant-free em driver and got netperf results over a
h/w-accelerated 3DES+SHA1 tunnel that was about the same as -stable.
Sam
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Sam Leffler: "CFR: fastforwarding locking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
