看板 FB_security 關於我們 聯絡資訊
發信人andy@lewman.com,
看板FB_security
標 題Re: recommended SSL-friendly crypto accelerator
發信站NCTU CSIE FreeBSD Server (Thu Apr 15 16:09:55 2004)
轉信站ptt!FreeBSD.csie.NCTU!not-for-mail
Yes, it appears to be both ssh and apache w/ssl. Here's ssh alone, from console, with single session login with rsa key: phobos# apachectl stop phobos# ./hifnstats input 485139168 bytes 1563934 packets output 485139168 bytes 1563934 packets invalid 0 nomem 0 abort 0 noirq 0 unaligned 0 totbatch 0 maxbatch 0 nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 phobos# ./hifnstats input 485141328 bytes 1563962 packets output 485141328 bytes 1563962 packets invalid 0 nomem 0 abort 0 noirq 0 unaligned 0 totbatch 0 maxbatch 0 nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 with ssh stopped, apache2 w/ssl hitting an ssl enabled site on the server: phobos# ./hifnstats input 485226224 bytes 1565175 packets output 485226224 bytes 1565175 packets invalid 0 nomem 0 abort 0 noirq 0 unaligned 0 totbatch 0 maxbatch 0 nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 <insert site hit here> phobos# ./hifnstats input 485232512 bytes 1565205 packets output 485232512 bytes 1565205 packets invalid 0 nomem 0 abort 0 noirq 0 unaligned 0 totbatch 0 maxbatch 0 nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 And for the heck of it, here's my crypto stats, but this doesn't mean it's going through the card; if i'm understanding it correctly. ../cryptostats 1565690 symmetric crypto ops (0 errors, 0 times driver blocked) 5 key ops (5 errors, 0 times driver blocked) 0 crypto dispatch thread activations 5 crypto return thread activations On Thu, Apr 15, 2004 at 11:05:30AM -0400, mike@sentex.net wrote 0.5K bytes in 16 lines about: : At 10:51 AM 15/04/2004, andy@lewman.com wrote: : >hifnstats shows decent amounts of traffic through it (at least : >interrupts) however cryptokeytest doesn't work due to an unsupport call : >apparently. : > : >Here's my hifnstats: : > : >input 476104224 bytes 1527365 packets : >output 476104224 bytes 1527365 packets : : But is that your ssh session that is being accelerated ? To test, login : via the console, or login using blowfish as the cipher. Then run hifnstats : and make sure that the packet counters are not incrementing. Then do your : https test. : : ---Mike -- _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"