[Swan-dev] ikev1 xauth regression

Andrew Cagney andrew.cagney at gmail.com
Thu May 3 15:29:25 UTC 2018

> there still seems to be a slight bump when electric fence was enabled;
> and looking at the results some of the extra failures do show the
> crypto slowdown.
> To test this theory, I'll set up the next test run on
> testing.libreswan.org so that EFENCE is disabled.


While the the last run at http://testing.libreswan.org/results/ isn't
yet finished the results are already clear.

Off hand, I can think of two reasons:

- IKEv1 hammers malloc() et.al. more than IKEv2
While I have my doubts, I've no real evidence either way.  Anyone
worried enough to compare the number of malloc() et.al. calls used by
IKEv1 vs IKEv2 when handling certificates?  No.

- IKEv2 tests have all been tweaked to use bigger timeouts (--impair
suppress-retransmits or retransmit-timeout=1500)

I guess the IKEv1 tests should be tweaked.  I'll re-enable electric
fence so we can see the progress.


More information about the Swan-dev mailing list