From: Steffen Klassert <steffen.klassert@secunet.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Miller <davem@davemloft.net>,
netdev@vger.kernel.org, klassert@mathematik.tu-chemnitz.de
Subject: Re: [RFC PATCH 0/5] IPsec parallelization
Date: Tue, 2 Dec 2008 09:44:19 +0100 [thread overview]
Message-ID: <20081202084419.GF13998@secunet.com> (raw)
In-Reply-To: <20081202081948.GA30063@gondor.apana.org.au>
On Tue, Dec 02, 2008 at 04:19:48PM +0800, Herbert Xu wrote:
> On Tue, Dec 02, 2008 at 08:58:04AM +0100, Steffen Klassert wrote:
> >
> > The parallelization/serialization interface is generic, so the crypto
> > layer can use it in the same way as xfrm.
>
> I don't really have an opinion on the padata stuff. What I'm
> objecting to is the way you're putting the parallelism into
> xfrm.
>
> > The only network specific information that is used is the knowledge
> > of the xfrm_state that a packet uses. On serialization, this helps
> > to stay as parallel as possible. Packets that uses the same state must
> > go to the same cpu (because of the replay window) packets that use
> > different states can go to different cpus.
>
> Maybe I'm missing somthing, but all you're doing is paralleising
> based on xfrm_state objects. You can already do that trivially
> in the crypto layer with no network-specific knowledge at all
> because each xfrm_state allocates its own tfm objects.
No, it's not just parallelizing based on xfrm_states. We are running
in parallel even within the same state. That's why I'm getting a
bandwith up to 900Mbit/s when sending one tcp stream. Parallelizing
based on state would not help that much if you are sending just one
stream.
What happens is that we are sending the packets round robin to
the different cpus on parallelization. On serialization, the
packets will be brought back to the order as they were before the
parallelization. And to not just send all the packets back to one cpu,
I'm doing parallelization based on xfrm_state after that.
>
> What I'm proposing is that you create a single parallel crypto
> algorithm template similar to cryptd (FWIW you could even just
> extend cryptd to do this) that does the parallel processing
> based on tfms.
>
> This achieves exactly the same thing as your current patch-set
> plus:
>
> 1) The uesr no longer has to make a system-wide choice of whether
> to enable this, instead the control is per-SA through the usual
> algorithm selection mechanism which means that this no longer
> conflicts with async crypto;
>
> 2) There is no change to the xfrm code;
>
> 3) The same mechanism can benefit other crypto users such as
> disk encryption.
The padata stuff is generic, so it can be used even for disk
encryption or for anything else that should run in parallel but
needs a certain order at a given point.
next prev parent reply other threads:[~2008-12-02 8:43 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-01 7:16 [RFC PATCH 0/5] IPsec parallelization Steffen Klassert
2008-12-01 7:17 ` [RFC PATCH 1/5] padata: generic interface for parallel processing Steffen Klassert
2008-12-01 7:17 ` [RFC PATCH 2/5] xfrm: add possibility " Steffen Klassert
2008-12-01 7:19 ` [RFC PATCH 3/5] crypto: add possibility to force sync transform Steffen Klassert
2008-12-01 11:22 ` Herbert Xu
2008-12-01 13:19 ` Steffen Klassert
2008-12-01 7:19 ` [RFC PATCH 4/5] crypto: allow allocation of percpu crypto transforms Steffen Klassert
2008-12-01 11:38 ` Herbert Xu
2008-12-01 12:25 ` David Miller
2008-12-01 12:38 ` Herbert Xu
2008-12-01 13:21 ` Steffen Klassert
2008-12-01 7:20 ` [RFC PATCH 5/5] crypto: make struct aead percpu data Steffen Klassert
2008-12-01 11:40 ` Herbert Xu
2008-12-01 13:36 ` Steffen Klassert
2008-12-01 13:44 ` Herbert Xu
2008-12-01 13:47 ` [PATCH 1/6] crypto: hash - Make setkey optional Herbert Xu
2008-12-01 13:47 ` [PATCH 2/6] crypto: null - Switch to shash Herbert Xu
2008-12-01 13:47 ` [PATCH 3/6] crypto: rmd128 " Herbert Xu
2008-12-01 13:47 ` [PATCH 4/6] crypto: rmd160 " Herbert Xu
2008-12-01 13:47 ` [PATCH 5/6] crypto: rmd256 " Herbert Xu
2008-12-01 13:47 ` [PATCH 6/6] crypto: rmd320 " Herbert Xu
2008-12-01 13:51 ` [RFC PATCH 5/5] crypto: make struct aead percpu data Herbert Xu
2008-12-01 13:55 ` Steffen Klassert
2008-12-01 8:49 ` [RFC PATCH 0/5] IPsec parallelization Herbert Xu
2008-12-01 10:29 ` David Miller
2008-12-01 11:15 ` Herbert Xu
2008-12-02 7:58 ` Steffen Klassert
2008-12-02 8:19 ` Herbert Xu
2008-12-02 8:44 ` Steffen Klassert [this message]
2008-12-02 8:50 ` Herbert Xu
2008-12-02 9:21 ` Steffen Klassert
2008-12-02 8:53 ` Herbert Xu
2008-12-02 9:39 ` Steffen Klassert
2008-12-02 10:37 ` Herbert Xu
2008-12-01 11:20 ` Andi Kleen
2008-12-01 13:39 ` Herbert Xu
2008-12-02 8:00 ` Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081202084419.GF13998@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=klassert@mathematik.tu-chemnitz.de \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).