malvcr

Members
  • Content count

    61
  • Joined

  • Last visited

About malvcr

  • Rank
    Advanced Member

Recent Profile Visitors

231 profile views
  1. Orange Pi 2G-IOT

    mm ... I made another installation ... it is working now. Forget the "wireless-power off" in the wpa_supplicant.conf file. That made the problem. Also, I included some Debian repositories and now I am able to install software (although it is better not to abuse because of the lack of space and the own NAND nature of it). root@DietPi:/etc/apt# cat sources.list deb http://ftp.us.debian.org/debian jessie main contrib non-free deb-src http://ftp.us.debian.org/debian jessie main contrib non-free And now, I am trying to convert this in an Access Point. It is totally configured and it says that it is working, but nobody can see the machine outside (so, obviously it is not working). I will try this for a while to provide my impressions about this possible usage for the machine.
  2. Orange Pi 2G-IOT

    This is the article Link with references (this includes the link for the download) ... https://surfero.blogspot.com.es/2017/09/orange-pi-iot-2g-flashear-memoria-nand.html just in case, the download it is in https://mega.nz/#!BFcmiTpL!29AQt7E1odjNUaFV4JNXN8KnVM2dPSocf77EP8uFnPo I was nuts trying to make this to work and then I checked the boot setup ... oh .. 921600 ... my minicom was 115200. Then I was trying to change the boot to 115200, but as that image it is not "common", was a little risky to do that. Then, I changed the minicom to 921600 pressing the next button in the configuration. Now ... login perfect in the console :-) ... and ... WIFI was working around 10 times faster. But then, I did something and now it is impossible for the WIFI to complete the authentication phase with the Access Point (I have been fighting with this for a while with mixed, but all bad results). Then, I connected an ethernet dongle to the USB port and it works very well with an eth0 static address. In general, what I think is that the serial console overruns (in the thousands) with the only core the machine has caused a terrible side effect in the networking stack. It seems that also it is necessary to add "wireless-power off" as the last like in the wlan0 configuration (interfaces file) ... but right now I can't ensure this is a key factor because my WIFI it is not working well. A possible reason for the failure is that the machine always produce a different MAC address, and to declare a manual one with the "hwaddress ether" command in the interfaces definition makes some type of noise when the machine makes the handshaking with the access point ... again, something to be checked. An extra detail. When flashing the machine it is necessary to press and to "keep pressed" the button until the flash has been finished. And in all the process no SD card it is needed, eliminating the original requirement of having strange and difficult to find 8GB SD cards with low consumption requirements. After the machine it is operational, regular SD cards can be used; I even added a 2GB swap file in a 16GB SanDisk card with no problems (of course this won't be fast, but it will permit to me to run more programs on the little 256MB space). -- OK ... my next test, one of these days, will be to use something more complete than DietPi on the NAND, at least the booting component. It is OK to have the remaining in an SD card if the card it is recognized after booting it. :-)
  3. Orange Pi 2G-IOT

    Hi Surfero75 ... I made another attempt with the machine. With your image (based on DietPi that it is based on Armbian), it is possible to boot from the machine internal storage and then to add a 16GB SD card, and the machine will read it. That it is nice :-) ... However, WIFI continues being an issue. I changed the WPA_Supplicant from GB to US and reduced problemas a little, but continue freezing and restarting. Also, it is difficult to login in a TTL console. I can write the user but after writing the password nothing happens ... although this could be a software more than a hardware problem. And your image it is incomplete (I understand was necessary to erase things to write it in the machine space, but some things are not there even when having references ... maybe DietPi was not a good option to work with; it is better a plain Armbian). But good work ... this brings some hopes on the machine :-)
  4. BPI-R2 Board Bring-up

    It is good to know that the R2 it is being taken seriously. This machine has important things and, although there are very good alternatives, it has a market place. I have been sending maybe 100 times by now an 825 megabytes ubuntu iso file from one R2 to another and between an R2 and a Mac Mini machine, testing different types of configurations (in the while I am creating the system I will use the R2 for). Here there have some numbers that could be useful: (AES 256 bit): without /dev/crypto 100% CPU max - real 0m53.189s - user 0m44.210s - sys 0m8.030s with /dev/crypto 75% CPU max - real 0m27.015s - user 0m2.290s - sys 0m17.750s Checking at this test alone, it is clear that with the cryptodev driver active (and with the right openssl compiled for it), the machine it is faster processing. And then it is the top 100% capacity when using only the CPU ... I was trying to figure how to test that remaining 25% ... so, I made a multithread program that received the data (running in a R2), and executed 4 parallel sets of openssl+sending data from the other R2. The "general "throughput" for all the "bundle" gives around 45.8 MB/s. This is much higher than the around 17 MB/s I can have with only one similar session. The issue here is that the final speed can't be calculated only taking into consideration the crypto engine. A final test would need software designed for this, because when I cypher with openssl and then send the file on ethernet, I need to "write" the file to disk and to re-read it, and the DISK is a key factor on the overall transmission speed. An extra write is really heavy here. So, if I like to see a wonderful speed without sacrificing the machine, the disk must speed up. The final numbers for secure transmission of data must involve all the key factors : CRYPTO+DISK+NET+CPU. But ... in general, I think it is good enough for my purposes. When I have a better software platform to test all together (without punishing any of the factors), I will come to show my numbers.
  5. BPI-R2 Board Bring-up

    Making some tests ... rsync uses ssh or rsh (that for some reason it is worse) ... openssl with cryptodev it is fast on big files. There is no rcp (was replaced by scp that is part of ssh set). Then ssh it is in many important places in a regular distribution. I still must make more precise tests, but sending a file with ssh was around 3 minutes ... but encrypting it with openssl (aes - 256) took around 37 seconds and transmitting it with a simple perl script around 12 seconds. I know I can do better by saving one disk reading in the processing phase by moving to C or C++. But this shows that it is possible to obtain more from this machine without using the "normal" options.
  6. BPI-R2 Board Bring-up

    I have been thinking in some combination as OpenVPN (recompiled for cryptodev) with rsync or a type of simple plain data transmission. What I don't know is how will be the overhead ... if it is very high then I will need to process big chunks of data by myself. But, in general, it is a good thing to test :-)
  7. BPI-R2 Board Bring-up

    Not so easy to do ... Latest ssh version (cloned with git from official site): checking OpenSSL library version... configure: error: OpenSSL >= 1.1.0 is not yet supported (have "10101000 (OpenSSL 1.1.1-dev xx XXX xxxx)"). And, of course, when I replace the OpenSSL many things are broken. I will need to figure a different approach. There is a Fedora patch for 1.0, but I think that to make that to work involves more work than to do something from scratch (and will be over when openssh be updated to openssl 1.1.0).
  8. BPI-R2 Board Bring-up

    I checked interrupts, by Rider.Lee in BPI forum recommendation ... and when using the extensions there is a big quantity of them ( openssl speed -evp aes-128-cbc ). First run (with cryptodev) Total change for mtk-aes: 394682 Total change CPU : 2260 + 14616 + 14895 + 22625 = 54396 Second run (without cryptodev) Total change for mtk-aes: 0 Total change CPU : 1710 + 4332 + 4860 + 4357 = 15259 Right now I repeated the test checking the CPU. In the first case the CPU arrived at most to 50% - with cryptodev In the second case went to 100% (one core) - without cryptodev Would be interesting to go directly to the kernel interface. I don't know if openssl or even cryptodev way to do things could be wasting some CPU. My next test would be to replace the basic infrastructure to see how is the behavior with sftp. Previously I only was able to obtain 14 MB/s but this was limited by the CPU.
  9. BPI-R2 Board Bring-up

    Detail .... that hardware engine seems to work better with more than 1024 bytes. Something to take into consideration (although I need to check openssl compiling parameters with more care).
  10. BPI-R2 Board Bring-up

    I am writing to Gary ... but in the while, I built everything and the crypto driver really works. These are the numbers: Without the driver (standard openssl): for i in 128 192 256; do openssl speed -elapsed -evp aes-${i}-cbc ; done You have chosen to measure elapsed time instead of user CPU time. Doing aes-128-cbc for 3s on 16 size blocks: 4140500 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 1196387 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 312026 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 78846 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 9886 aes-128-cbc's in 3.00s OpenSSL 1.0.2g 1 Mar 2016 built on: reproducible build, date unspecified options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 22082.67k 25522.92k 26626.22k 26912.77k 26995.37k You have chosen to measure elapsed time instead of user CPU time. Doing aes-192-cbc for 3s on 16 size blocks: 3626398 aes-192-cbc's in 3.00s Doing aes-192-cbc for 3s on 64 size blocks: 1028081 aes-192-cbc's in 3.00s Doing aes-192-cbc for 3s on 256 size blocks: ^[[A266479 aes-192-cbc's in 3.00s Doing aes-192-cbc for 3s on 1024 size blocks: 67186 aes-192-cbc's in 3.00s Doing aes-192-cbc for 3s on 8192 size blocks: 8426 aes-192-cbc's in 3.00s OpenSSL 1.0.2g 1 Mar 2016 built on: reproducible build, date unspecified options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-192-cbc 19340.79k 21932.39k 22739.54k 22932.82k 23008.60k You have chosen to measure elapsed time instead of user CPU time. Doing aes-256-cbc for 3s on 16 size blocks: 3258679 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 64 size blocks: 910552 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 256 size blocks: 235055 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 1024 size blocks: 59249 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 8192 size blocks: 7422 aes-256-cbc's in 3.00s OpenSSL 1.0.2g 1 Mar 2016 built on: reproducible build, date unspecified options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-256-cbc 17379.62k 19425.11k 20058.03k 20223.66k 20267.01k With the driver ( to do this I had to compile kernel, cryptodrv and openssl ... with some quirks here and there ): for i in 128 192 256; do ./openssl speed -elapsed -evp aes-${i}-cbc ; done You have chosen to measure elapsed time instead of user CPU time. Doing aes-128-cbc for 3s on 16 size blocks: 97341 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 83631 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 74013 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 73826 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 45441 aes-128-cbc's in 2.99s Doing aes-128-cbc for 3s on 16384 size blocks: 31972 aes-128-cbc's in 3.00s OpenSSL 1.1.1-dev xx XXX xxxx built on: reproducible build, date unspecified options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr) compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -march=armv7-a -Wa,--noexecstack The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes aes-128-cbc 519.15k 1784.13k 6315.78k 25199.27k 124499.22k 174609.75k You have chosen to measure elapsed time instead of user CPU time. Doing aes-192-cbc for 3s on 16 size blocks: 96073 aes-192-cbc's in 3.00s Doing aes-192-cbc for 3s on 64 size blocks: 84094 aes-192-cbc's in 3.00s Doing aes-192-cbc for 3s on 256 size blocks: 74714 aes-192-cbc's in 3.00s Doing aes-192-cbc for 3s on 1024 size blocks: 74362 aes-192-cbc's in 3.00s Doing aes-192-cbc for 3s on 8192 size blocks: 43467 aes-192-cbc's in 3.00s Doing aes-192-cbc for 3s on 16384 size blocks: 29992 aes-192-cbc's in 3.00s OpenSSL 1.1.1-dev xx XXX xxxx built on: reproducible build, date unspecified options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr) compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -march=armv7-a -Wa,--noexecstack The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes aes-192-cbc 512.39k 1794.01k 6375.59k 25382.23k 118693.89k 163796.31k You have chosen to measure elapsed time instead of user CPU time. Doing aes-256-cbc for 3s on 16 size blocks: 95306 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 64 size blocks: 84143 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 256 size blocks: 74296 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 1024 size blocks: 73367 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 8192 size blocks: 41361 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 16384 size blocks: 28101 aes-256-cbc's in 3.00s OpenSSL 1.1.1-dev xx XXX xxxx built on: reproducible build, date unspecified options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr) compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -march=armv7-a -Wa,--noexecstack The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes aes-256-cbc 508.30k 1795.05k 6339.93k 25042.60k 112943.10k 153468.93k So ... with the R2 I "must" use the hardware help. I will check AF_ALG ... but today hours were not enough ;-)
  11. BPI-R2 Board Bring-up

    I will give a try to what Gary Wang described here (http://forum.banana-pi.org/t/is-it-possible-to-have-the-crypto-extensions-working/4034). ... could be possible that thing is ready? In case I have good news I will share them :-)
  12. BPI-R2 Board Bring-up

    You are right ... priorities. In fact, I would prefer to have the cpufreq type of things ready than the 'special' stuff. So ... today. 1) It is not possible to have high throughput on sequential cryptography networking involving only the CPU. 2) Plain networking (no linear CPU processing involved) is OK. 3) It is not possible to play with the CPU frequency. 4) Disk it is not tuned, and has the PCIe-line bandwidth limitation. USB3 speed it is not good at all. Then ... por specialized programming "today" 1) To increase "protected" networking speed, some sort of multithreading/multiprocessing must be used (at least there are 4 cores), or playing around with the cryptography algorithms to let the CPU to breath. 2) JIT processing it is not a good idea when dealing with lots of data. Better prepare what you can in advance when the CPU it is idle. 3) As the machine hast 2 GB RAM, it is important to use that 'asset' to reduce I/O latency. 4) Don't use USB for disks. Keep SATA and, "maybe", an extra adapter in the PCIe slot.
  13. BPI-R2 Board Bring-up

    Yes, the problem with my networking test was a bottleneck with the CPU, not the networking equipment. Making a simply stupid client/server perl based test (only sending static memory data from one side without verifications), I was able to obtain 135 MB/s. Of course, this number the only shows is that the device it is really a gigabit one; doesn't indicate that in real life scenarios I can obtain that throughput. But if I use it, I must understand all its limitations and possibilities. Thanks for the crypto references; I still need to do many things and to organize many "possibilities", so that material it is really important for me. So if I use the R2, can't be trying to obtain the highest throughput. Checking around ... the MT7623 has 1 Gbps crypto engine for VPN, or 500 Mbps crypto engine suite (in case these are different things). What is that and how to use it? .... no idea. I sent another message asking if this could be available for the R2 (again, this is a message for Mediatek, because could be a license issue). I was making my own secure communications protocol. I will tune it for SBC machines with all this information at hand, as I see that SSH is not so well suited for these environments.
  14. BPI-R2 Board Bring-up

    As I am developing for these platforms, that GCC version "detail" it is extremely important. Also, when using sftp it is not possible to separate the CPU throughput from the networked one, as the information must be cyphered. And there is the particular issue with the machine used. When we develop an application for everybody (as the ones in the Ubuntu distribution), it is not possible to design "for the platform"; this is particularly true when using standard sources that must be multi-platform capable. But if I am working "for the platform", then I can define particular capabilities to improve the final result even having constraints. Right now I am not at home. This night I will try the raw networking capacity ... in fact that Ubuntu has some useless things as a Docker infrastructure applied that could be interfering. Let me arrive with scissors and a broom to let it as naked as possible. About the BGI forum. My intention is to catch somebody from MTK. Also, there is something interesting: there are two forums there, one in English and a different one in Chinese (it is not a translation, it is a different forum). I will ask my wife (she is Chinese), to see what is written there... Google Translator it is not so good with that language.
  15. BPI-R2 Board Bring-up

    0.4.12 in all them ... although (of course), I have no idea how they compiled the program for each platform, in particular for the R2. Something I found half hour ago. When sending a file with sftp, the top transference speed is 14 MB/s. This is not a conclusive test, I need to make it more precise and with the right tools, but this seems to be Fast Ethernet speed, not Gigabit. Just in case, I am using two R2 machines, with both sides using RAM disks and the machines have a 1 feet cable between them (no extra equipment involved). I also included a question in the BPI forum to see if there is more information about this subject.