Re: Crypto Update for 2.6.38
From: Linus Torvalds
Date: Thu Jan 06 2011 - 18:25:59 EST
On Thu, Jan 6, 2011 at 2:53 PM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, Jan 06, 2011 at 02:43:35PM -0800, Linus Torvalds wrote:
>>
>> Can you do the "bypass directly to the TCP stream" with the interface
>> you added? It isn't at all obvious how it would work.
>
> Yes it can. The interface allows zero-copy in both directions
> using the splice interface. Here is a sample program demonstrating
> zero-copy in-place encryption. It doesn't send the result over TCP
> but I'm sure you can imagine what that would look like.
Ok. So can we actually get numbers for this?
Put another way: I really really REALLY don't want to merge new
user-space interfaces that don't actually work in reality. But if this
allows direct encryption to a network interface, and it actually is
able to saturate 10Gb on niagara (unlike a user-mode encryption thing,
I assume, since those things are dog slow), then that would certainly
be a good real-life test.
But I really don't want to merge it unless it has had at least
real-life testing of actually doing better than regular sw user-space
encryption.
I realize that on PC's, it's unlikely to ever help. So I'm not asking
for "show me how this helps on my hardware". But I do want to get some
case on _some_ actual hardware where it works on a real load.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/