Bug #7810
closedopenssl/openvpn need to have loaded booth AESNI and cryptodev to accelerate AES operations , but gui alows you load only one at once
100%
Description
[2.4.0-RC][root@castor.ninex.info]/boot/kernel: kldunload cryptodev
[2.4.0-RC][root@castor.ninex.info]/boot/kernel: kldunload aesni
Test with no accell
[2.4.0-RC][root@castor.ninex.info]/boot/kernel: openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 28667689 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 10861051 aes-256-cbc's in 2.99s
Doing aes-256-cbc for 3s on 256 size blocks: 3253311 aes-256-cbc's in 2.98s
Doing aes-256-cbc for 3s on 1024 size blocks: 857208 aes-256-cbc's in 2.98s
Doing aes-256-cbc for 3s on 8192 size blocks: 108972 aes-256-cbc's in 3.00s
OpenSSL 1.0.2k-freebsd 26 Jan 2017
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 152894.34k 232307.39k 279069.36k 294125.57k 297566.21k
- cryptodev only
[2.4.0-RC][root@castor.ninex.info]/boot/kernel: kldload cryptodev
[2.4.0-RC][root@castor.ninex.info]/boot/kernel: openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 29882712 aes-256-cbc's in 3.03s
Doing aes-256-cbc for 3s on 64 size blocks: 10840409 aes-256-cbc's in 2.98s
Doing aes-256-cbc for 3s on 256 size blocks: 3260969 aes-256-cbc's in 2.99s
Doing aes-256-cbc for 3s on 1024 size blocks: 857748 aes-256-cbc's in 2.99s
Doing aes-256-cbc for 3s on 8192 size blocks: 112529 aes-256-cbc's in 3.09s
OpenSSL 1.0.2k-freebsd 26 Jan 2017
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 157731.43k 232472.85k 278995.91k 293542.42k 298722.05k
#aesni , no cryptodev
[2.4.0-RC][root@castor.ninex.info]/boot/kernel: kldunload cryptodev
[2.4.0-RC][root@castor.ninex.info]/boot/kernel: kldload aesni
[2.4.0-RC][root@castor.ninex.info]/boot/kernel: openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 29881110 aes-256-cbc's in 3.05s
Doing aes-256-cbc for 3s on 64 size blocks: 11598720 aes-256-cbc's in 3.19s
Doing aes-256-cbc for 3s on 256 size blocks: 3341075 aes-256-cbc's in 3.05s
Doing aes-256-cbc for 3s on 1024 size blocks: 862423 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 111657 aes-256-cbc's in 3.06s
OpenSSL 1.0.2k-freebsd 26 Jan 2017
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 156914.14k 232884.10k 280000.88k 294373.72k 298675.64k
#cryptodev and aesni
[2.4.0-RC][root@castor.ninex.info]/boot/kernel: kldload cryptodev
[2.4.0-RC][root@castor.ninex.info]/boot/kernel: openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 875922 aes-256-cbc's in 0.36s
Doing aes-256-cbc for 3s on 64 size blocks: 853675 aes-256-cbc's in 0.29s
Doing aes-256-cbc for 3s on 256 size blocks: 690695 aes-256-cbc's in 0.25s
Doing aes-256-cbc for 3s on 1024 size blocks: 379340 aes-256-cbc's in 0.13s
Doing aes-256-cbc for 3s on 8192 size blocks: 73444 aes-256-cbc's in 0.06s
OpenSSL 1.0.2k-freebsd 26 Jan 2017
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 38997.57k 189008.26k 707271.68k 3107553.28k 9626451.97k
imho we should keep loaded booth to accelerate OpenSSL and OpenVPN
Ipsec accelerates without Cryptodev.
Updated by Renato Botelho about 7 years ago
- Target version changed from 2.4.0 to 2.4.1
Updated by Jim Pingle about 7 years ago
- Assignee set to Jim Pingle
There is still some debate as to whether or not this is even necessary or would ever help, but it should be simple to add so it can cover edge cases we haven't identified yet.
Updated by Jim Pingle about 7 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset f96376a378211155181a02a053cbb7ff9a700056.
Updated by Chris Linstruth about 7 years ago
Verified that the correct combination of aesni.ko and cryptodev.ko are present after a reboot and that cryptodev is only available for selection in OpenVPN if loaded.
Updated by Jim Pingle about 7 years ago
- Status changed from Feedback to Resolved