Hei hei,

cross post following … ;-)

On Mon, Jul 03, 2017 at 08:56:42AM +0200, Robert Schwebel wrote:
> On Mon, Jul 03, 2017 at 12:03:26AM +0200, Alexander Dahl wrote:
> > On Sun, Jul 02, 2017 at 10:30:30PM +0200, Clemens Gruber wrote:
> > > I am wondering about the performance improvements when using the
> > > cryptodev openssl engine. There must be some cost for the context
> > > switches, but this is probably outweighed by the offloading.
> > > Did you for example run openssl speed aes-128-cbc before and after?
> > > And on what platform did you try it?
> > 
> > fli4l [1] uses cryptodev and the experience there is, it depends on
> > the platform. Some platforms benefit a lot, especially for OpenVPN,
> > others not so much. Depends on what the CPU offers and how fast the
> > system in general is.
> 
> Do you know why the module is not in mainline? Is there a discussion
> where the kernel maintainers motivate why they don't like this solution?

Sorry, I do not know. IIRC did we switch from some other hardware
acceleration approach in fli4l some time ago, but I can't remember any
details, and I doubt your question was discussed within the fli4l
team. The ticket in the fli4l bugtracker is this one:

https://ssl.nettworks.org/bugs/browse/FFL-946 

(You may notice it's a German project ;-) ).

I forward this conversation to the (not yet open) fli4l developer
list, maybe Christoph Schulz has more insights?

Greets
Alex

-- 
»With the first link, the chain is forged. The first speech censured, 
the first thought forbidden, the first freedom denied, chains us all 
irrevocably.« (Jean-Luc Picard, quoting Judge Aaron Satie)
*** GnuPG-FP: C28E E6B9 0263 95CF 8FAF  08FA 34AD CD00 7221 5CC6 ***