PCEngines APU2/APU3/APU4 running on 20.7

Started by Ricardo, August 04, 2020, 12:01:41 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4
User actions
December 06, 2020, 07:51:46 AM #45
Another round:

/usr/local/bin/openssl speed -elapsed -evp aes-128-cbc
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15874993 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 7012502 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 2832566 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 772744 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 8192 size blocks: 103137 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 52408 aes-128-cbc's in 3.00s
OpenSSL 1.1.1h  22 Sep 2020
built on: Tue Oct 20 22:46:58 2020 UTC
options:bn(64,64) rc4(8x,int) des(int) aes(partial) blowfish(ptr)
compiler: cc -fPIC -pthread -Wa,--noexecstack -Qunused-arguments -O2 -pipe  -DHARDENEDBSD -fPIE -fPIC -fstack-protector-all -fno-strict-aliasing -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_THREAD_SAFE -D_REENTRANT -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      84666.63k   149600.04k   241712.30k   263078.19k   281632.77k   286217.56k
OPNsense HW:

Minisforum Venus series UN100C, 16 GB RAM, 512 GB SSD
T-bao N9N Pro, 16 GB RAM, 512 GB SSD
December 06, 2020, 09:30:59 AM #46
Quote from: Ricardo on December 04, 2020, 09:30:12 PM
1) For the love of god, why do you guys deploy 2 different openssl versions on the same opnsense without describing this trapmine?

I'm not sure if you are intentionally hard to work with or that it is just what it is.

FreeBSD requires an embedded base system OpenSSL library for bootstrap reasons, but this version cannot be changed on the fly without reinstalling the whole base system. That's why we use a package on top to allow quick updates and also the possibility to use LibreSSL.

This information isn't new and certainly not rocket science. Failure to learn from past threads which have plenty of information on the subject is on the individual user.


Cheers,
Franco
December 06, 2020, 01:38:46 PM #47
Quote from: franco on December 06, 2020, 09:30:59 AM
Quote from: Ricardo on December 04, 2020, 09:30:12 PM
1) For the love of god, why do you guys deploy 2 different openssl versions on the same opnsense without describing this trapmine?

I'm not sure if you are intentionally hard to work with or that it is just what it is.

FreeBSD requires an embedded base system OpenSSL library for bootstrap reasons, but this version cannot be changed on the fly without reinstalling the whole base system. That's why we use a package on top to allow quick updates and also the possibility to use LibreSSL.

This information isn't new and certainly not rocket science. Failure to learn from past threads which have plenty of information on the subject is on the individual user.


Cheers,
Franco

All I can do, if I am in doubt of something, first I use the docs search function:
https://docs.opnsense.org/search.html?q=openssl&check_keywords=yes&area=default

It didnt help me to find your quoted sentence, which you suggest should be general public knowledge:

"FreeBSD requires an embedded base system OpenSSL library for bootstrap reasons, but this version cannot be changed on the fly without reinstalling the whole base system. That's why we use a package on top to allow quick updates and also the possibility to use LibreSSL."

Othwerwise you may add forum sticky permalinks into the docs articles, where it is written once already. Searching for "openssl" string under forum returns too many results, not rational to find that 1 statement.

"Failure to learn from past threads which have plenty of information on the subject is on the individual user."
No comment on this, we dont understand or willing to accept the others point of view.
January 02, 2021, 11:57:46 PM #48
This is not a OPNsense related thing.
The location of custom software outside of base system comes from the way FreeBSD works using ports.

Further information on this topic:
https://www.freebsd.org/doc/handbook/dirstructure.html
https://www.freebsd.org/doc/handbook/ports.html#ports-synopsis
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de
Print
Go Up Pages 1 2 3 4
User actions