From: Ben Greear <greearb@candelatech.com>
To: Christian Lamparter <chunkeey@googlemail.com>
Cc: "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>
Subject: Re: Looking for non-NIC hardware-offload for wpa2 decrypt.
Date: Mon, 28 Jul 2014 13:50:22 -0700 [thread overview]
Message-ID: <53D6B78E.1070705@candelatech.com> (raw)
In-Reply-To: <12936014.DUEgOXk110@blech>
On 03/31/2014 11:09 AM, Christian Lamparter wrote:
> Hello,
>
> On Sunday, March 30, 2014 09:40:24 PM Ben Greear wrote:
>> Due to hardware/firmware limitations, it does not appear possible to
>> have a wifi NIC do hardware decrypt when using multiple stations on a single
>> NIC (and have both stations connected to the same AP).
>>
>> This just happens to be one of my favourite things to do, and it kills
>> performance compared to normal 'Open' throughput.
>>
>> I am curious if anyone knows of any way to accelerate rx-decrypt, perhaps by
>> using a specialized hardware board or maybe a feature of certain CPUs?
>
> You could check if your CPU (bios and kernel) have support for AES-NI [0].
> AFAICT mac80211 utilizes the cryptoapi. Therefore anything that supports
> the proper crypto bindings can be used to accelerate the encryption and
> decryption process to some degree. And it just happens that thanks to
> AES-NI parts of math can be efficiently calculated by the CPU.
I recently took a look at this again, and the Intel E5 I'm using
does use the aesni instructions/driver as far as I can tell.
Throughput is still around 500Mbps where open is around 800Mbps.
perf top shows this:
Samples: 37K of event 'cycles', Event count (approx.): 19360716192
12.01% [kernel] [k] math_state_restore
11.64% [kernel] [k] _aesni_enc1
8.25% [kernel] [k] __save_init_fpu
2.44% [kernel] [k] crypto_xor
1.87% [kernel] [k] irq_fpu_usable
1.30% [kernel] [k] aes_encrypt
0.76% [kernel] [k] __kernel_fpu_end
....
Any other magic add-in cards that would somehow just make this all faster w/out
having to do any real programming work? :)
Thanks,
Ben
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
next prev parent reply other threads:[~2014-07-28 20:50 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-31 4:40 Looking for non-NIC hardware-offload for wpa2 decrypt Ben Greear
2014-03-31 18:09 ` Christian Lamparter
2014-07-28 20:50 ` Ben Greear [this message]
2014-07-29 22:29 ` Christian Lamparter
2014-07-29 22:50 ` Ben Greear
2014-07-30 18:59 ` Christian Lamparter
2014-07-30 19:08 ` Ben Greear
2014-07-31 20:05 ` Jouni Malinen
2014-07-31 20:45 ` Christian Lamparter
2014-08-05 23:09 ` Ben Greear
2014-08-07 14:05 ` Christian Lamparter
2014-08-07 17:45 ` Ben Greear
2014-08-10 13:44 ` Christian Lamparter
2014-08-12 18:34 ` Ben Greear
2014-08-14 12:39 ` Christian Lamparter
2014-08-14 17:09 ` Ben Greear
2014-08-19 18:18 ` Ben Greear
2014-08-20 20:47 ` Christian Lamparter
2014-08-20 21:04 ` Ben Greear
2014-08-22 22:55 ` Christian Lamparter
2014-07-30 7:06 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53D6B78E.1070705@candelatech.com \
--to=greearb@candelatech.com \
--cc=chunkeey@googlemail.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.