[Soekris] Corrupted MAC on input
der Mouse
mouse at Rodents.Montreal.QC.CA
Tue Sep 26 03:05:59 UTC 2006
> From prior traffic on this list, I have gotten the impression that
> the vpn1411 is entirely useless for any purpose whatsoever, and that
> Soekris should not be selling it. While good in theory, nothing
> appears to support it properly, and even in cases where it does work,
> the time lost in calling into the kernel driver is greater than the
> time saved by the hardware....
The one does not necessarily follow from the other.
In my tests, yes, the kernel crossing penalty outweighed the crypto
benefit. But something that's entirely in-kernel (IPsec, for example)
should be able to benefit much more effectively. Also, something that
does larger crypto ops should see more benefit - my test case was
OpenVPN, which rarely does crypto on more than about 1.5K.
That is, while your conclusion may well be right for all I know, it's
more than the evidence I've seen really supports.
This, of course, does not address whatever is responsible for the
"corrupted MAC" errors from OpenSSH. I have no more than a vague idea
where that's coming from, and if it's the hardware, that *is* a strong
reason to get rid of it.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
More information about the Soekris-tech
mailing list