DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
Old 10th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by Carpetsmoker View Post
Are you sure about the SSE4?
My bad: SSE3 and SSSE3.
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote
Old 10th October 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Results of the Atom 230 test with OpenBSD 4.6-release, run from DVD. Four runs: i386 GENERIC and GENERIC.MP, amd64 GENERIC and GENERIC.MP. System was an MSI Nettop CS 120.

----
AES-128-CBC test results:

GENERIC/i386: 0m33.03s real 0m0.15s user 0m32.88s system
GENERIC/amd64: 0m32.63s real 0m0.16s user 0m31.22s system
GENERIC.MP/i386: 0m38.30s real 0m0.24s user 0m42.72s system
GENERIC.MP/amd64: 0m36.83s real 0m0.18s user 0m55.59s system
---
Speed tests: GENERIC/i386:

Single thread:

type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 17317.63k 23456.74k 25811.60k 26466.83k 26674.35k
aes-192 cbc 18362.10k 21216.40k 22134.56k 22374.91k 22453.16k
aes-256 cbc 16240.72k 18315.06k 18963.82k 19131.11k 19184.52k
0m45.16s real 0m45.16s user 0m0.01s system

Two threads:

aes-128 cbc 17714.79k 23221.00k 27120.74k 26564.21k 26759.21k
aes-192 cbc 15776.52k 21328.78k 22225.61k 23043.40k 23035.30k
aes-256 cbc 14384.94k 17823.54k 18801.63k 19762.17k 20537.14k
0m46.72s real 0m0.00s user 0m0.02s system

Three threads:

aes-128 cbc 18225.82k 24305.35k 26110.21k 27701.08k 28024.31k
aes-192 cbc 16441.85k 20511.97k 24199.37k 22421.39k 24758.83k
aes-256 cbc 14782.53k 17067.67k 21000.85k 19236.29k 25083.94k
0m49.43s real 0m0.00s user 0m0.01s system

Speed tests, GENERIC/amd64:

Single thread:

type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 24569.91k 25881.69k 26332.96k 26433.49k 26478.39k
aes-192 cbc 21581.97k 22555.53k 22896.95k 22973.32k 23005.64k
aes-256 cbc 19218.09k 19851.84k 20082.22k 20132.32k 20156.13k
0m46.97s real 0m45.16s user 0m0.01s system

Two threads:

aes-128 cbc 24014.08k 25281.38k 26507.32k 25506.59k 26597.55k
aes-192 cbc 21102.26k 22481.65k 23027.89k 22173.20k 23405.72k
aes-256 cbc 19292.13k 19624.55k 19777.68k 19492.18k 20729.95k
0m49.10s real 0m0.00s user 0m0.01s system

Three threads:

aes-128 cbc 24328.04k 26362.74k 24147.96k 27477.42k 25787.29k
aes-192 cbc 21891.30k 22619.40k 23677.69k 24659.34k 23848.09k
aes-256 cbc 20517.89k 20372.90k 19690.39k 21440.61k 20345.06k
0m51.06s real 0m0.01s user 0m0.01s system


Speed tests, GENERIC.MP/i386:

Single thread:

type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 17327.94k 23419.97k 25809.48k 26470.91k 26668.91k
aes-192 cbc 15489.57k 20133.40k 21829.74k 22298.03k 22439.55k
aes-256 cbc 13953.82k 17501.75k 18736.31k 19071.91k 19170.91k
0m45.16s real 0m45.16s user 0m0.01s system

Two threads:

aes-128 cbc 26237.44k 39428.80k 45231.50k 47008.23k 47461.38k
aes-192 cbc 23856.65k 34225.92k 38472.83k 39778.68k 40128.60k
aes-256 cbc 21836.31k 30005.07k 33158.67k 34057.40k 34292.94k
0m45.17s real 0m0.01s user 0m0.02s system

Three threads:

aes-128 cbc 26303.78k 39456.35k 45830.41k 46789.49k 48217.55k
aes-192 cbc 23544.82k 34405.96k 39304.44k 39853.55k 39706.29k
aes-256 cbc 22178.44k 30041.12k 33149.84k 34040.33k 35413.99k
0m45.82s real 0m0.00s user 0m0.02s system

Speed tests, GENERIC.MP/amd64

Single thread:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 24534.68k 25887.43k 26337.04k 26450.84k 26483.84k
aes-192 cbc 21585.27k 22561.17k 22900.77k 22987.27k 23011.08k
aes-256 cbc 19220.91k 19856.14k 20082.48k 20137.08k 20153.41k
0m46.97s real 0m45.15s user 0m0.02s system

Two threads:

aes-128 cbc 36127.92k 37893.99k 38571.89k 38706.10k 38747.47k
aes-192 cbc 31828.11k 33192.90k 33717.79k 33831.38k 33836.92k
aes-256 cbc 28374.50k 29361.26k 29668.49k 29763.26k 29780.70k
0m46.98s real 0m0.00s user 0m0.02s system

Three threads:

aes-128 cbc 35974.69k 37325.56k 38508.54k 38350.03k 38759.72k
aes-192 cbc 31815.56k 33203.59k 33718.86k 33823.87k 33950.77k
aes-256 cbc 28432.75k 29196.86k 29655.02k 29736.17k 34759.10k
0m48.01s real 0m0.00s user 0m0.03s system
Reply With Quote
Old 10th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Our thanks to you and the wife .

So both the i386 and amd MP kernels are faster/more work units then their non-MP kernels sisters in -multi 2 and -multi 3, even though it's a single-core CPU .

Again, thanks!

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote
Old 11th October 2009
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Moving thread to security subforum.
Reply With Quote
Old 12th October 2009
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Power stats for my machine:
http://mrtg.coloclue.net/power-watt/...-4a_kwh_5.html

Average is at about 30W, this is for the Atom 330.

The Atom 330 has a TDP of 8W, the 230 a TDP of 4W. So most of the power isn't even going to the CPU but to other parts (Disks, chipset, etc.).
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Old 14th October 2009
mikesg's Avatar
mikesg mikesg is offline
I can has a title?
 
Join Date: Aug 2009
Posts: 28
Default

Well I ordered the Supermicro system today with a 32GB Patriot Warp SSD drive. I'm eager to try the drive out. I'm hoping the lack if information I see online regarding OpenBSD and SSD's means there have been no troubles. Any benchmark on this you want me to run Scott?
__________________
Mike
Reply With Quote
Old 16th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by mikesg View Post
...Any benchmark on this you want me to run Scott?
Well ... I run my openBSD pf+openVPN machines on compact flash (CF), using UDMA mode-4 compatible CF cards (TRANSCEND 266x).

Is that a P-ATA or S-ATA SSD?

I will muse on a test. Suggestions welcome

And thanks, mikesg, for offering!

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote
Old 17th October 2009
mikesg's Avatar
mikesg mikesg is offline
I can has a title?
 
Join Date: Aug 2009
Posts: 28
Default

SATA. This one specifically.
__________________
Mike
Reply With Quote
Old 21st October 2009
mikesg's Avatar
mikesg mikesg is offline
I can has a title?
 
Join Date: Aug 2009
Posts: 28
Default

Stripped out all the work bits and just included the finished times. I added one more test on the end to work HyperThreading in with the cores.

Code:
OS:	OpenBSD 4.6 GENERIC.MP#89 i386
CPU:	Intel Atom 330 (1.6 dual core w/ HT enabled)
Mem:	2 x 512MB DDR2 PC2-5300 (Kingston)
HDD:	Patriot WARP SSD PE32GS25SSDR
SYS:    SUPERMICRO SYS-5015A-H

# time openssl dhparam -out 4096.pem 4096
80m29.05s real    80m52.94s user     0m0.36s system

# time dd if=/dev/urandom bs=4k count=1024 | openssl enc -e -k 1234 -aes-128-cbc -out /dev/null
0m39.39s real     0m0.13s user     0m45.12s system

# time openssl speed aes
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      20985.30k    24882.07k    26168.64k    26508.33k    26617.20k
aes-192 cbc      18314.52k    21156.30k    22078.68k    22317.76k    22393.28k
aes-256 cbc      16199.47k    18267.73k    18918.40k    19085.18k    19138.25k
    0m44.94s real     0m45.16s user     0m0.01s system

# time openssl speed -multi 2 aes
aes-128 cbc      26225.23k    39334.38k    45187.77k    46969.94k    47490.85k
aes-192 cbc      23632.97k    34036.18k    38318.28k    39741.20k    40102.95k
aes-256 cbc      27395.71k    32280.03k    33875.69k    34303.54k    34409.66k
    0m44.95s real     0m0.00s user     0m0.03s system

# time openssl speed -multi 3 aes
aes-128 cbc      43699.74k    62988.33k    71228.82k    73662.79k    74406.66k
aes-192 cbc      39212.64k    54320.04k    60330.22k    62237.25k    62745.23k
aes-256 cbc      43783.70k    50771.32k    52989.85k    53504.35k    53738.76k
    0m44.96s real     0m0.01s user     0m0.02s system

# time openssl speed -multi 4 aes
aes-128 cbc      52515.85k    79062.82k    90566.99k    94105.46k    95207.86k
aes-192 cbc      47572.55k    68371.82k    77070.50k    79615.79k    80437.42k
aes-256 cbc      43600.37k    59881.42k    66617.64k    68458.31k    68853.80k
    0m44.96s real     0m0.01s user     0m0.02s system
This is top near the end of the last test:
Code:
load averages:   2.34,  1.13,  0.65                                   15:27:49
33 processes:  1 running, 28 idle, 4 on processor
CPU0 states:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle
CPU1 states:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle
CPU2 states:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle
CPU3 states:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle
Memory: Real: 11M/56M act/tot  Free: 936M  Swap: 0K/1028M used/tot

  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
10335 root      64    0  676K 1344K onproc/3  -         0:05 19.92% openssl
12027 root      64    0  676K 1344K onproc/0  -         0:05 19.92% openssl
   68 root      64    0  612K 1348K run/1     -         0:05 19.87% openssl
 8034 root      64    0  676K 1344K onproc/2  -         0:05 19.87% openssl
__________________
Mike

Last edited by mikesg; 24th October 2009 at 10:16 PM.
Reply With Quote
Old 23rd October 2009
mikesg's Avatar
mikesg mikesg is offline
I can has a title?
 
Join Date: Aug 2009
Posts: 28
Default

Overall I like this set up alot. I think I could have saved about $40 if I bought the motherboard and chassis separately. SuperMicro also has part number (CSE-RR1U-E8) for a PCI-E 8x riser card, which would allow you to add a 1, 2 or 4 port NIC. The 4 port may interfere with the hard drive bay as they are a lot larger. I ordered the 2.5" drive adapter (MCP-220-00044-0N) which will house two 2.5" drives. It was the same cost as the single drive adapter (which may work better with a large NIC). For the extra cost of buying the barebone, it would have been nice if the drive and riser card adapters were included. Well, don't mean to sound like a commercial. Hope this helps someone out!
__________________
Mike
Reply With Quote
Old 23rd October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by mikesg View Post
Stripped out all the work bits
# time openssl speed aes
0m44.94s real 0m45.16s user 0m0.02s system

# time openssl speed -multi 2 aes
0m44.96s real 0m0.00s user 0m0.02s system

# time openssl speed -multi 3 aes
0m44.96s real 0m0.01s user 0m0.02s system

# time openssl speed -multi 4 aes
0m44.98s real 0m0.00s user 0m0.04s [/code]
If we may ask ... we need to see the "work bits" for openssl speed tests.

Code:
Three threads:

aes-128 cbc      35974.69k    37325.56k    38508.54k    38350.03k    38759.72k
aes-192 cbc      31815.56k    33203.59k    33718.86k    33823.87k    33950.77k
aes-256 cbc      28432.75k    29196.86k    29655.02k    29736.17k    34759.10k
    0m48.01s real     0m0.00s user     0m0.03s system
It's the 34,759k (per second) number(s) that's the useful measure of comparisons.

Appreciated, if you could/would.

Thanks, mikesg
/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote
Old 23rd October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by mikesg View Post
...SuperMicro also has part number (CSE-RR1U-E8) for a PCI-E 8x riser card, which would allow you to add a 1, 2 or 4 port NIC.
Depending on what solution you're trying to drive, I took a different route ...

You can avoid the need for multiple NICs (or expensive multi-port NIC) by using VLANs in combination with a VLAN capable switch. At eight (8) 10/100/1000 ports I like the 3Com (3CDSG8). It's CAD$119 (http://www.onhop.ca/Product/Search/?...4&y=11&=Search).

You VLAN-TRUNK the system to the 3Com and then fan out the VLANs on the switch port interface(s), thereby emulating an 8 port (+1 uplink) NIC configuration.

If you need gobs of switch-system bandwidth, you can also channelize (trunk(4)) 2x1GB, again, depending on the topology needed and problems being tackled.

This saves slots and space inside your chassis.

At CAD$119, it also usually cheaper then higher-density NIC cards.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 23rd October 2009 at 05:39 PM.
Reply With Quote
Old 24th October 2009
mikesg's Avatar
mikesg mikesg is offline
I can has a title?
 
Join Date: Aug 2009
Posts: 28
Default

Updated my post above with the requested info. Thanks for the VLAN info. It'll be the next thing I get into.
__________________
Mike
Reply With Quote
Old 25th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by mikesg View Post
Updated my post above with the requested info.
Thanks!
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote
Old 6th January 2010
mikesg's Avatar
mikesg mikesg is offline
I can has a title?
 
Join Date: Aug 2009
Posts: 28
Default

Built a second Supermicro system and chose the OCZ Vertex Turbo SSD MLC instead for the Indilinx controller. I've heard of a lot of reliability problems with the jmicron based SSD's. Anyway, I thought I would post the hdd benchmark done earlier for this unit as well:
Code:
# time dd if=/dev/urandom bs=4k count=1024 | openssl enc -e -k 1234 -aes-128-cbc -out /dev/null
1024+0 records in
1024+0 records out
4194304 bytes transferred in 39.636 secs (105820 bytes/sec)
    0m39.64s real     0m0.16s user     0m44.77s system
EDIT: Ahh one more. My buddy dropped off his Intel X25 SLC (SSDSA2SH032G1).
Code:
# time dd if=/dev/urandom bs=4k count=1024 | openssl enc -e -k 1234 -aes-128-cbc -out /dev/null
1024+0 records in
1024+0 records out
4194304 bytes transferred in 39.643 secs (105800 bytes/sec)
    0m39.64s real     0m0.15s user     0m45.93s system
__________________
Mike

Last edited by mikesg; 6th January 2010 at 04:25 PM.
Reply With Quote
Reply

Tags
firewall, firewall hardware, hardware

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
PF firewall bsdnewbie999 OpenBSD General 3 28th April 2009 12:35 PM
firewall for 2 adsl milo974 OpenBSD General 2 13th October 2008 05:03 PM
The great appliance hunt. diw General Hardware 8 23rd July 2008 07:02 PM
OpenBSD firewall resources J65nko OpenBSD Security 0 1st June 2008 02:28 AM
Web GUI for firewall ? giga FreeBSD General 6 8th May 2008 05:10 AM


All times are GMT. The time now is 10:02 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick