[Swan-dev] ikev1 xauth regression
Andrew Cagney
andrew.cagney at gmail.com
Thu May 3 15:29:25 UTC 2018
> there still seems to be a slight bump when electric fence was enabled;
> and looking at the results some of the extra failures do show the
> crypto slowdown.
>
> To test this theory, I'll set up the next test run on
> testing.libreswan.org so that EFENCE is disabled.
Confirmed.
While the the last run at http://testing.libreswan.org/results/ isn't
yet finished the results are already clear.
Off hand, I can think of two reasons:
- IKEv1 hammers malloc() et.al. more than IKEv2
While I have my doubts, I've no real evidence either way. Anyone
worried enough to compare the number of malloc() et.al. calls used by
IKEv1 vs IKEv2 when handling certificates? No.
- IKEv2 tests have all been tweaked to use bigger timeouts (--impair
suppress-retransmits or retransmit-timeout=1500)
I guess the IKEv1 tests should be tweaked. I'll re-enable electric
fence so we can see the progress.
Andrew
More information about the Swan-dev
mailing list