[Voyage-linux] ocf-enabled voyage lenny now available

Kim-man 'Punky' TSE (spam-protected)
Fri Jan 30 18:40:41 HKT 2009 

Hi Tom,

Honestly, I don't know why it needs to load cryptosoft module to get the 
best performance...

On openssl part, I will try to make the latest one patched with ocf.

On kernel part, I don't want to make any commitment that ocf will be 
maintained in the next kernel release.  Like openswan KLIPS module is no 
longer supported after 2.6.23).  It all depends on ocf-linux project to 
keep up with the latest kernel.

Regards,
Punky

mouse256 wrote:
> Hi Punky,
>
> That is indeed the solution, thanks! I already tried to modprobe 
> cryptodev and geode_aes, but forgot about cryptosoft :-)
>
> Do you have plans to keep the ocf patched version updated to the last 
> version? As I believe openssl is a quite important package to have the 
> last security patches, but the ocf patch is quite nice.
>
> Kind regards,
> Tom
>
> Punky Tse wrote:
>> Hi Tome,
>>
>> You may need to run "modprobe cryptosoft" to get the fastest result.
>>
>> Regards,
>> Punky
>>
>> mouse256 wrote:
>>> Hi Punky,
>>>
>>> Thanks for your reply, but I've already tried that option (see my 
>>> mail below). If I use that patched version, I get less errors, but 
>>> the speed is the same. Is there anything else I need to configure 
>>> (eg in my kernel) to make it work?
>>>
>>> Kind regards,
>>> Tom
>>>
>>> Punky Tse wrote:
>>>> Hi Tom,
>>>>
>>>> Try downgrading the openssl package to
>>>>
>>>>    http://www.voyage.hk/dists/0.6/openssl/
>>>>
>>>> It seems the latest lenny is 0.9.8g-15 that override our custome 
>>>> ocf package 0.9.8g-14ocf.
>>>>
>>>> Regards,
>>>> Punky
>>>>
>>>>
>>>> Tom Billiet wrote:
>>>>> Hi Punky,
>>>>>
>>>>> I finally got voyage lenny installed, and I wanted to do some 
>>>>> tests with ocf openssl, but I cannot get results like you.
>>>>>
>>>>> If I just try your openssl speed command with the default openssl 
>>>>> from voyage 0.6 (which I think should include the ocf patch 
>>>>> according to the changelog), I get this:
>>>>> [17:18][root at muizenhol:/home/tom]# openssl speed -evp aes-128-cbc 
>>>>> -engine cryptodev
>>>>> invalid engine "cryptodev"
>>>>> 31330:error:25066067:DSO support routines:DLFCN_LOAD:could not 
>>>>> load the shared 
>>>>> library:dso_dlfcn.c:162:filename(/usr/lib/ssl/engines/libcryptodev.so): 
>>>>> /usr/lib/ssl/engines/libcryptodev.so: cannot open shared object 
>>>>> file: No such file or directory
>>>>> 31330:error:25070067:DSO support routines:DSO_load:could not load 
>>>>> the shared library:dso_lib.c:244:
>>>>> 31330:error:260B6084:engine routines:DYNAMIC_LOAD:dso not 
>>>>> found:eng_dyn.c:450:
>>>>> 31330:error:2606A074:engine routines:ENGINE_by_id:no such 
>>>>> engine:eng_list.c:415:id=cryptodev
>>>>> 31330:error:25066067:DSO support routines:DLFCN_LOAD:could not 
>>>>> load the shared library:dso_dlfcn.c:162:filename(libcryptodev.so): 
>>>>> libcryptodev.so: cannot open shared object file: No such file or 
>>>>> directory
>>>>> 31330:error:25070067:DSO support routines:DSO_load:could not load 
>>>>> the shared library:dso_lib.c:244:
>>>>> 31330:error:260B6084:engine routines:DYNAMIC_LOAD:dso not 
>>>>> found:eng_dyn.c:450:
>>>>> Doing aes-128-cbc for 3s on 16 size blocks: 1013806 aes-128-cbc's 
>>>>> in 2.94s
>>>>> Doing aes-128-cbc for 3s on 64 size blocks: 308130 aes-128-cbc's 
>>>>> in 2.77s
>>>>> Doing aes-128-cbc for 3s on 256 size blocks: 82107 aes-128-cbc's 
>>>>> in 2.75s
>>>>> Doing aes-128-cbc for 3s on 1024 size blocks: 18259 aes-128-cbc's 
>>>>> in 2.40s
>>>>> Doing aes-128-cbc for 3s on 8192 size blocks: 2413 aes-128-cbc's 
>>>>> in 2.52s
>>>>> OpenSSL 0.9.8g 19 Oct 2007
>>>>> built on: Wed Jan  7 17:54:54 UTC 2009
>>>>> options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) 
>>>>> aes(partial) blowfish(idx)
>>>>> compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS 
>>>>> -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 
>>>>> -march=i586 -Wa,--noexecstack -g -Wall -DOPENSSL_BN_ASM_PART_WORDS 
>>>>> -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
>>>>> available timing options: TIMES TIMEB HZ=100 [sysconf value]
>>>>> timing function used: times
>>>>> The 'numbers' are in 1000s of bytes per second processed.
>>>>> type             16 bytes     64 bytes    256 bytes   1024 bytes   
>>>>> 8192 bytes
>>>>> aes-128-cbc       5517.31k     7119.25k     7643.42k     
>>>>> 7790.51k     7844.17k
>>>>>
>>>>> If I try then to install the ocf patched version of openssl and 
>>>>> libssl from http://ch.voyage.hk/dists/0.6/openssl/
>>>>> [17:15][root at muizenhol:/home/tom]# openssl speed -evp aes-128-cbc 
>>>>> -engine cryptodev
>>>>> engine "cryptodev" set.
>>>>> Doing aes-128-cbc for 3s on 16 size blocks: 1010727 aes-128-cbc's 
>>>>> in 2.93s
>>>>> Doing aes-128-cbc for 3s on 64 size blocks: 318572 aes-128-cbc's 
>>>>> in 2.87s
>>>>> Doing aes-128-cbc for 3s on 256 size blocks: 86528 aes-128-cbc's 
>>>>> in 2.89s
>>>>> Doing aes-128-cbc for 3s on 1024 size blocks: 18738 aes-128-cbc's 
>>>>> in 2.46s
>>>>> Doing aes-128-cbc for 3s on 2048 size blocks: 9412 aes-128-cbc's 
>>>>> in 2.45s
>>>>> OpenSSL 0.9.8g 19 Oct 2007
>>>>> built on: Thu Nov 27 01:34:17 HKT 2008
>>>>> options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) 
>>>>> aes(partial) blowfish(idx)
>>>>> compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS 
>>>>> -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV 
>>>>> -DUSE_CRYPTODEV_DIGESTS -DL_ENDIAN -DTERMIO -O3 -march=i586 
>>>>> -Wa,--noexecstack -g -Wall -DOPENSSL_BN_ASM_PART_WORDS 
>>>>> -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
>>>>> available timing options: TIMES TIMEB HZ=100 [sysconf value]
>>>>> timing function used: times
>>>>> The 'numbers' are in 1000s of bytes per second processed.
>>>>> type             16 bytes     64 bytes    256 bytes   1024 bytes   
>>>>> 2048 bytes
>>>>> aes-128-cbc       5519.33k     7104.04k     7664.76k     
>>>>> 7799.88k     7867.66k
>>>>>
>>>>> So no more errors, but no better speed either. I'm using an ALIX1C
>>>>> Thus my questions:
>>>>> 1) Is the default openssl version in voyage linux already patched 
>>>>> with the ocf patch?
>>>>> 2) What else do I need to get better speeds? Do I need to 
>>>>> recompile my kernel for geode?
>>>>>
>>>>> Thanks and kind regards,
>>>>> Tom
>>>>>
>>>>> ----- Original Message -----
>>>>> From: Kim-man 'Punky' TSE
>>>>> Time: 01-12-08 07:24
>>>>>> Hi all,
>>>>>>
>>>>>> I have included ocf patch to 2.6.26 voyage kernel and rebuild 
>>>>>> libssl and openssh package.  Voyage lenny now includes ocf 
>>>>>> enabled kernel and libssl.
>>>>>>
>>>>>> To test, you need to install ocf-enabled openssh, which could be 
>>>>>> found in:    http://www.voyage.hk/dists/experimental/openssl/
>>>>>>
>>>>>> Here are the test result on ALIX1C. 
>>>>>> ==========================================================
>>>>>> voyage:~# openssl speed -evp aes-128-cbc -engine cryptodev
>>>>>> engine "cryptodev" set.
>>>>>> Doing aes-128-cbc for 3s on 16 size blocks: 171575 aes-128-cbc's 
>>>>>> in 0.10s
>>>>>> Doing aes-128-cbc for 3s on 64 size blocks: 161556 aes-128-cbc's 
>>>>>> in 0.18s
>>>>>> Doing aes-128-cbc for 3s on 256 size blocks: 133868 aes-128-cbc's 
>>>>>> in 0.11s
>>>>>> Doing aes-128-cbc for 3s on 1024 size blocks: 78685 aes-128-cbc's 
>>>>>> in 0.07s
>>>>>> Doing aes-128-cbc for 3s on 2048 size blocks: 50938 aes-128-cbc's 
>>>>>> in 0.05s
>>>>>> OpenSSL 0.9.8g 19 Oct 2007
>>>>>> built on: Thu Nov 27 01:34:17 HKT 2008
>>>>>> options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) 
>>>>>> aes(partial) blo
>>>>>> compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS 
>>>>>> -D_REENTRANT -DDSO_DMavailable timing options: TIMES TIMEB HZ=100 
>>>>>> [sysconf value]
>>>>>> timing function used: times
>>>>>> The 'numbers' are in 1000s of bytes per second processed.
>>>>>> type             16 bytes     64 bytes    256 bytes   1024 
>>>>>> bytes   2048 bytes
>>>>>> aes-128-cbc      27452.00k    57442.13k   311547.35k  
>>>>>> 1151049.14k  2086420.48k
>>>>>> ==========================================================
>>>>>>
>>>>>> However, I cannot get the same result in ALIX3C.
>>>>>> Regards,
>>>>>> Punky
>>>>>>
>>>>>> _______________________________________________
>>>>>> Voyage-linux mailing list
>>>>>> Voyage-linux at list.voyage.hk
>>>>>> http://list.voyage.hk/mailman/listinfo/voyage-linux
>>>>> ------------------------------------------------------------------------ 
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Voyage-linux mailing list
>>>>> Voyage-linux at list.voyage.hk
>>>>> http://list.voyage.hk/mailman/listinfo/voyage-linux
>>>>>   
>>>>
>>


-- 
Regards,
Punky

Voyage Solutions (http://solution.voyage.hk)
* Embedded Solutions and Systems
  - Mesh Networking, Captive Portal, IP Surveillance, VoIP/PBX
  - Network Engineering, Development Platform and Consultation

More information about the Voyage-linux mailing list