Re: Crypto Update for 2.6.38

From: Linus Torvalds
Date: Thu Jan 06 2011 - 18:25:59 EST


On Thu, Jan 6, 2011 at 2:53 PM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, Jan 06, 2011 at 02:43:35PM -0800, Linus Torvalds wrote:
>>
>> Can you do the "bypass directly to the TCP stream" with the interface
>> you added? It isn't at all obvious how it would work.
>
> Yes it can.  The interface allows zero-copy in both directions
> using the splice interface.  Here is a sample program demonstrating
> zero-copy in-place encryption.  It doesn't send the result over TCP
> but I'm sure you can imagine what that would look like.

Ok. So can we actually get numbers for this?

Put another way: I really really REALLY don't want to merge new
user-space interfaces that don't actually work in reality. But if this
allows direct encryption to a network interface, and it actually is
able to saturate 10Gb on niagara (unlike a user-mode encryption thing,
I assume, since those things are dog slow), then that would certainly
be a good real-life test.

But I really don't want to merge it unless it has had at least
real-life testing of actually doing better than regular sw user-space
encryption.

I realize that on PC's, it's unlikely to ever help. So I'm not asking
for "show me how this helps on my hardware". But I do want to get some
case on _some_ actual hardware where it works on a real load.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/