ODROID C2 RTC module under Arch Linux ARM

How to enable RTC Shield on Arch Linux ARM on ODROID C2

(Based on this Hardkernel wiki)

Install Device Tree Compiler:

# pacman -S dtc
resolving dependencies…
looking for conflicting packages…

Packages (1) dtc-1.4.2-1

Total Installed Size: 0.26 MiB

:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [######################] 100%
(1/1) checking package integrity [######################] 100%
(1/1) loading package files [######################] 100%
(1/1) checking for file conflicts [######################] 100%
(1/1) checking available disk space [######################] 100%
:: Processing package changes…
(1/1) installing dtc [######################] 100%

Enable the RTC module in the DTB file:

# fdtput -t s /boot/dtbs/meson64_odroidc2.dtb /i2c@c1108500/pcf8563@51 status “okay”

Enable the RTC shield in the DTB file at every shutdown / reboot, create a file in /etc/systemd/system like rtc.service:

[Unit]
Description=Enable RTC Shield
DefaultDependencies=no

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/bin/fdtput -t s /boot/dtbs/meson64_odroidc2.dtb /i2c@c1108500/pcf8563@51 status “okay”

[Install]
WantedBy=shutdown.target

Enable the rtc service:

# systemctl enable rtc
Created symlink /etc/systemd/system/shutdown.target.wants/rtc.service -> /etc/systemd/system/rtc.service.

Load the kernel module at boot time:

# echo aml_i2c >> /etc/modules-load.d/aml_i2c.conf

reboot

Confirm RTC time after reboot:

# timedatectl
Local time: Mon 2016-11-14 14:13:37 AST
Universal time: Mon 2016-11-14 11:13:37 UTC
RTC time: Mon 2016-11-14 11:13:37
Time zone: Asia/Qatar (AST, +0300)
Network time on: yes
NTP synchronized: yes
RTC in local TZ: no

Apache httpd 2.4 forward proxy

The Apache httpd 2.4 code below definesĀ a forward proxy (squid drop in replacement) on TCP port 3128. Proved to be faster than squid 3.5 on the same hardware when using Apache httpd event MPM.

Make sure you have a local DNS caching resolver, such as unbound or PowerDNS Recursor configured in /etc/resolv.conf.

ProxyDomain directive protects the proxy from accessing domain hosts by filling up the local domain name or search domains from /etc/resolv.conf.

Apache httpd mod_reqtimeout drops some long lived https connections in its default configuration (RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500).

Required modules: mod_proxy, mod_proxy_connect.
Continue reading “Apache httpd 2.4 forward proxy”

Linux – how to disable cgroups

One liner:

# grep -v ^# /proc/cgroups|cut -f 1|xargs -ifoo echo -n foo,
cpuset,cpu,cpuacct,blkio,memory,devices,freezer,net_cls,pids,

Add the list to cgroup_disable= kernel parameter in the bootloader configuration, for example to /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT=”cgroup_disable=cpuset,cpu,cpuacct,blkio,memory,devices,freezer,net_cls,pids

ODROID C1+ openssl speed results

OpenSSL 1.0.2h 3 May 2016
built on: reproducible build, date unspecified
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -march=armv7-a -mfloat-abi=hard -mfpu=vfpv3-d16 -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -Wl,-O1,--sort-common,--as-needed,-z,relro -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 0.00 0.00 0.00 0.00 0.00
mdc2 2501.53k 2883.98k 2992.04k 3022.17k 3031.04k
md4 10396.80k 35268.22k 93936.64k 160142.68k 202421.59k
md5 7820.06k 26636.27k 69933.06k 117178.37k 146317.31k
hmac(md5) 7936.04k 26391.68k 69296.98k 117048.32k 146295.47k
sha1 8154.54k 24115.41k 54641.92k 79772.33k 92312.92k
rmd160 5900.12k 16823.81k 35534.85k 49251.33k 55549.95k
rc4 74533.97k 86578.05k 90075.73k 91446.97k 91458.22k
des cbc 16736.53k 17479.21k 17669.97k 17717.25k 17738.41k
des ede3 6185.23k 6287.10k 6316.03k 6323.20k 6326.95k
idea cbc 22312.53k 24069.78k 24553.73k 24674.65k 24715.26k
seed cbc 21831.66k 23760.66k 24307.80k 24446.29k 24488.62k
rc2 cbc 15100.19k 15799.89k 15986.09k 16033.45k 16048.13k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 26857.30k 29445.61k 30172.76k 30355.80k 30414.17k
cast cbc 28814.66k 31742.74k 32647.08k 32880.30k 32945.49k
aes-128 cbc 34489.19k 37695.55k 38701.14k 38960.81k 39034.88k
aes-192 cbc 30115.64k 32675.08k 33432.58k 33655.81k 33721.00k
aes-256 cbc 26568.37k 28430.59k 29180.50k 29373.44k 29431.13k
camellia-128 cbc 25553.14k 28175.27k 28980.31k 29190.49k 29250.90k
camellia-192 cbc 20559.13k 22219.73k 22717.44k 22849.54k 22888.45k
camellia-256 cbc 20538.31k 22186.94k 22723.50k 22851.58k 22888.45k
sha256 8984.07k 20960.60k 37999.53k 47685.63k 51508.57k
sha512 4899.11k 19656.19k 29439.32k 41044.31k 46399.49k
whirlpool 1144.79k 2341.74k 3798.02k 4500.82k 4754.09k
aes-128 ige 33407.46k 36944.49k 38051.24k 38338.90k 38412.29k
aes-192 ige 29192.58k 32000.43k 32945.07k 33190.23k 33254.06k
aes-256 ige 25921.70k 28001.00k 28809.73k 29018.11k 29073.41k
ghash 65219.86k 79684.31k 84361.13k 85590.02k 85985.96k
sign verify sign/s verify/s
rsa 512 bits 0.000722s 0.000078s 1385.6 12862.7
rsa 1024 bits 0.004973s 0.000236s 201.1 4240.8
rsa 2048 bits 0.031478s 0.000838s 31.8 1193.3
rsa 4096 bits 0.215532s 0.003190s 4.6 313.5
sign verify sign/s verify/s
dsa 512 bits 0.000832s 0.000921s 1202.5 1086.2
dsa 1024 bits 0.002401s 0.002822s 416.5 354.3
dsa 2048 bits 0.008418s 0.010010s 118.8 99.9
sign verify sign/s verify/s
160 bit ecdsa (secp160r1) 0.0008s 0.0019s 1261.6 520.4
192 bit ecdsa (nistp192) 0.0007s 0.0028s 1366.5 363.5
224 bit ecdsa (nistp224) 0.0010s 0.0036s 1043.9 275.0
256 bit ecdsa (nistp256) 0.0011s 0.0041s 924.3 241.4
384 bit ecdsa (nistp384) 0.0030s 0.0113s 335.4 88.2
521 bit ecdsa (nistp521) 0.0067s 0.0250s 150.2 40.0
163 bit ecdsa (nistk163) 0.0017s 0.0049s 579.9 202.9
233 bit ecdsa (nistk233) 0.0035s 0.0083s 286.0 121.2
283 bit ecdsa (nistk283) 0.0055s 0.0149s 182.5 66.9
409 bit ecdsa (nistk409) 0.0140s 0.0302s 71.2 33.1
571 bit ecdsa (nistk571) 0.0341s 0.0701s 29.3 14.3
163 bit ecdsa (nistb163) 0.0017s 0.0053s 584.0 190.0
233 bit ecdsa (nistb233) 0.0035s 0.0089s 288.0 112.4
283 bit ecdsa (nistb283) 0.0055s 0.0165s 182.1 60.8
409 bit ecdsa (nistb409) 0.0141s 0.0338s 70.9 29.6
571 bit ecdsa (nistb571) 0.0341s 0.0793s 29.3 12.6
op op/s
160 bit ecdh (secp160r1) 0.0016s 623.3
192 bit ecdh (nistp192) 0.0023s 440.6
224 bit ecdh (nistp224) 0.0030s 332.4
256 bit ecdh (nistp256) 0.0035s 289.6
384 bit ecdh (nistp384) 0.0097s 103.4
521 bit ecdh (nistp521) 0.0212s 47.3
163 bit ecdh (nistk163) 0.0024s 414.7
233 bit ecdh (nistk233) 0.0040s 251.0
283 bit ecdh (nistk283) 0.0074s 135.7
409 bit ecdh (nistk409) 0.0148s 67.4
571 bit ecdh (nistk571) 0.0345s 29.0
163 bit ecdh (nistb163) 0.0026s 389.9
233 bit ecdh (nistb233) 0.0043s 230.5
283 bit ecdh (nistb283) 0.0081s 123.4
409 bit ecdh (nistb409) 0.0167s 60.0
571 bit ecdh (nistb571) 0.0392s 25.5

Raspberry Pi 3 openssl speed results

OpenSSL 1.0.2h 3 May 2016
built on: reproducible build, date unspecified
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -march=armv7-a -mfloat-abi=hard -mfpu=vfpv3-d16 -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -Wl,-O1,--sort-common,--as-needed,-z,relro -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 0.00 0.00 0.00 0.00 0.00
mdc2 3291.88k 3913.05k 4103.17k 4153.69k 4169.73k
md4 11481.11k 40912.13k 117541.55k 220068.18k 296402.94k
md5 9379.61k 32706.03k 90693.46k 162355.20k 211561.13k
hmac(md5) 9201.03k 32203.52k 89574.91k 161536.00k 211378.18k
sha1 9791.92k 31675.18k 79227.90k 126946.30k 154279.94k
rmd160 7646.07k 22700.78k 50220.89k 72176.64k 82739.20k
rc4 79282.85k 90155.05k 94420.74k 95550.81k 95884.63k
des cbc 22129.85k 23252.50k 23619.93k 23713.79k 23740.42k
des ede3 8363.35k 8527.21k 8578.47k 8591.70k 8596.14k
idea cbc 25445.90k 27408.83k 27924.05k 28079.79k 28125.87k
seed cbc 24239.92k 26755.46k 27452.50k 27656.19k 27716.27k
rc2 cbc 17029.49k 17817.94k 18122.41k 18179.07k 18191.70k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 34253.61k 37768.17k 38754.05k 39054.68k 39146.84k
cast cbc 32085.65k 35121.24k 36129.37k 36390.23k 36462.59k
aes-128 cbc 45552.57k 49512.55k 51488.34k 52053.67k 52213.08k
aes-192 cbc 39198.81k 43077.63k 44411.99k 44758.70k 44862.12k
aes-256 cbc 34850.85k 37886.55k 38916.44k 39183.02k 39261.53k
camellia-128 cbc 33526.36k 38175.25k 39747.07k 40165.72k 40288.26k
camellia-192 cbc 27226.54k 30254.85k 31253.16k 31518.38k 31596.54k
camellia-256 cbc 27275.12k 30267.93k 31261.78k 31521.11k 31596.54k
sha256 12969.64k 32241.64k 60364.80k 77827.07k 84997.46k
sha512 7413.86k 30009.24k 47103.49k 66516.31k 75762.35k
whirlpool 1505.56k 3091.11k 5016.15k 5944.32k 6283.26k
aes-128 ige 43212.20k 47876.07k 50037.67k 50651.82k 50812.25k
aes-192 ige 37439.96k 41833.66k 43327.74k 43717.97k 43821.74k
aes-256 ige 33452.72k 36921.09k 38081.28k 38382.93k 38464.17k
ghash 101801.82k 129991.64k 139014.74k 142116.52k 143048.70k
sign verify sign/s verify/s
rsa 512 bits 0.000527s 0.000050s 1896.2 20072.8
rsa 1024 bits 0.003034s 0.000139s 329.6 7178.1
rsa 2048 bits 0.018416s 0.000485s 54.3 2061.9
rsa 4096 bits 0.123704s 0.001802s 8.1 554.9
sign verify sign/s verify/s
dsa 512 bits 0.000527s 0.000558s 1898.1 1791.4
dsa 1024 bits 0.001396s 0.001624s 716.5 615.9
dsa 2048 bits 0.004780s 0.005760s 209.2 173.6
sign verify sign/s verify/s
160 bit ecdsa (secp160r1) 0.0006s 0.0016s 1567.9 626.9
192 bit ecdsa (nistp192) 0.0006s 0.0022s 1693.8 462.6
224 bit ecdsa (nistp224) 0.0008s 0.0029s 1287.2 340.7
256 bit ecdsa (nistp256) 0.0008s 0.0031s 1231.0 319.6
384 bit ecdsa (nistp384) 0.0025s 0.0095s 397.8 104.8
521 bit ecdsa (nistp521) 0.0055s 0.0214s 181.7 46.8
163 bit ecdsa (nistk163) 0.0016s 0.0043s 627.3 232.0
233 bit ecdsa (nistk233) 0.0032s 0.0069s 309.2 144.1
283 bit ecdsa (nistk283) 0.0050s 0.0129s 199.0 77.4
409 bit ecdsa (nistk409) 0.0136s 0.0251s 73.5 39.8
571 bit ecdsa (nistk571) 0.0328s 0.0591s 30.5 16.9
163 bit ecdsa (nistb163) 0.0016s 0.0046s 630.9 218.9
233 bit ecdsa (nistb233) 0.0032s 0.0076s 311.2 132.3
283 bit ecdsa (nistb283) 0.0050s 0.0141s 198.3 70.8
409 bit ecdsa (nistb409) 0.0136s 0.0280s 73.4 35.7
571 bit ecdsa (nistb571) 0.0328s 0.0666s 30.5 15.0
op op/s
160 bit ecdh (secp160r1) 0.0013s 744.4
192 bit ecdh (nistp192) 0.0018s 550.1
224 bit ecdh (nistp224) 0.0024s 408.2
256 bit ecdh (nistp256) 0.0025s 393.7
384 bit ecdh (nistp384) 0.0081s 124.0
521 bit ecdh (nistp521) 0.0177s 56.5
163 bit ecdh (nistk163) 0.0021s 479.3
233 bit ecdh (nistk233) 0.0034s 292.9
283 bit ecdh (nistk283) 0.0063s 157.7
409 bit ecdh (nistk409) 0.0124s 80.7
571 bit ecdh (nistk571) 0.0294s 34.1
163 bit ecdh (nistb163) 0.0022s 447.4
233 bit ecdh (nistb233) 0.0037s 267.8
283 bit ecdh (nistb283) 0.0070s 143.7
409 bit ecdh (nistb409) 0.0138s 72.5
571 bit ecdh (nistb571) 0.0330s 30.3

ODROID C2 openssl speed results

OpenSSL 1.0.2h 3 May 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(ptr)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -march=armv8-a -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -Wl,-O1,--sort-common,--as-needed,-z,relro -O3 -Wall -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 0.00 0.00 0.00 0.00 0.00
mdc2 3640.10k 4421.14k 4670.81k 4752.52k 4756.82k
md4 14761.19k 50700.76k 143869.61k 266842.76k 354011.82k
md5 11076.00k 35818.45k 92414.72k 153004.09k 188424.19k
hmac(md5) 12785.41k 40603.93k 100306.96k 157476.86k 189399.04k
sha1 12339.23k 39139.69k 97635.07k 156103.83k 188716.37k
rmd160 10565.68k 30771.39k 68201.64k 98086.91k 112841.38k
rc4 98133.54k 104396.35k 105703.25k 106422.95k 106989.16k
des cbc 24729.40k 25873.28k 26249.98k 26345.81k 26372.78k
des ede3 9640.43k 9779.01k 9833.13k 9846.44k 9852.25k
idea cbc 29117.31k 31028.86k 31586.30k 31728.64k 31771.31k
seed cbc 27562.26k 28699.73k 29001.47k 29101.06k 29130.75k
rc2 cbc 20236.39k 21290.53k 21485.31k 21564.76k 21588.65k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 41023.17k 44583.66k 45693.60k 45839.70k 45927.08k
cast cbc 34551.07k 36907.90k 37827.98k 37905.75k 37961.73k
aes-128 cbc 52529.75k 57060.20k 58430.55k 58833.24k 58941.44k
aes-192 cbc 46461.64k 49923.55k 50996.48k 51319.81k 51407.53k
aes-256 cbc 41619.94k 43600.64k 44835.65k 44765.18k 44867.58k
camellia-128 cbc 45513.06k 48770.73k 49875.20k 50167.81k 50417.79k
camellia-192 cbc 36023.07k 38010.94k 38702.59k 38878.89k 39055.84k
camellia-256 cbc 36022.89k 38010.58k 38702.25k 38879.91k 38925.65k
sha256 13359.25k 34669.67k 68154.37k 90359.27k 99338.92k
sha512 9240.56k 37008.75k 76181.67k 125007.80k 153277.78k
whirlpool 5926.07k 12244.89k 20189.27k 24130.56k 25663.70k
aes-128 ige 50807.55k 55730.30k 57602.57k 57764.52k 57944.75k
aes-192 ige 45103.43k 48948.86k 50239.15k 50677.73k 50645.67k
aes-256 ige 40555.06k 43636.29k 44658.94k 45023.12k 44979.54k
ghash 64512.50k 70876.35k 73233.58k 74094.11k 74028.37k
sign verify sign/s verify/s
rsa 512 bits 0.000511s 0.000037s 1956.4 26791.3
rsa 1024 bits 0.002124s 0.000101s 470.9 9935.3
rsa 2048 bits 0.012240s 0.000315s 81.7 3172.0
rsa 4096 bits 0.077674s 0.001091s 12.9 916.6
sign verify sign/s verify/s
dsa 512 bits 0.000403s 0.000422s 2480.9 2368.3
dsa 1024 bits 0.001008s 0.001179s 991.7 848.0
dsa 2048 bits 0.003145s 0.003871s 317.9 258.3
sign verify sign/s verify/s
160 bit ecdsa (secp160r1) 0.0005s 0.0018s 2058.6 563.9
192 bit ecdsa (nistp192) 0.0005s 0.0018s 1991.0 568.9
224 bit ecdsa (nistp224) 0.0006s 0.0022s 1582.8 451.2
256 bit ecdsa (nistp256) 0.0008s 0.0029s 1284.2 343.7
384 bit ecdsa (nistp384) 0.0017s 0.0062s 605.0 161.9
521 bit ecdsa (nistp521) 0.0028s 0.0091s 351.3 109.9
163 bit ecdsa (nistk163) 0.0009s 0.0036s 1084.6 279.9
233 bit ecdsa (nistk233) 0.0018s 0.0050s 558.3 200.8
283 bit ecdsa (nistk283) 0.0029s 0.0103s 345.3 97.4
409 bit ecdsa (nistk409) 0.0069s 0.0214s 145.1 46.7
571 bit ecdsa (nistk571) 0.0151s 0.0455s 66.2 22.0
163 bit ecdsa (nistb163) 0.0009s 0.0038s 1085.7 264.5
233 bit ecdsa (nistb233) 0.0018s 0.0052s 565.0 191.0
283 bit ecdsa (nistb283) 0.0029s 0.0111s 343.8 90.0
409 bit ecdsa (nistb409) 0.0069s 0.0236s 145.2 42.4
571 bit ecdsa (nistb571) 0.0151s 0.0509s 66.2 19.7
op op/s
160 bit ecdh (secp160r1) 0.0015s 687.8
192 bit ecdh (nistp192) 0.0015s 678.6
224 bit ecdh (nistp224) 0.0019s 533.8
256 bit ecdh (nistp256) 0.0024s 408.4
384 bit ecdh (nistp384) 0.0051s 196.8
521 bit ecdh (nistp521) 0.0074s 134.3
163 bit ecdh (nistk163) 0.0017s 578.4
233 bit ecdh (nistk233) 0.0024s 417.4
283 bit ecdh (nistk283) 0.0050s 199.5
409 bit ecdh (nistk409) 0.0107s 93.7
571 bit ecdh (nistk571) 0.0227s 44.1
163 bit ecdh (nistb163) 0.0018s 554.7
233 bit ecdh (nistb233) 0.0026s 391.6
283 bit ecdh (nistb283) 0.0055s 182.3
409 bit ecdh (nistb409) 0.0117s 85.1
571 bit ecdh (nistb571) 0.0253s 39.5

Juniper vs. FTPES

If you get timeouts connecting to a FTPES server, check if ALG is enabled (usually is):
JunOS> show security alg status
ALG Status :
DNS : Enabled
FTP : Enabled
H323 : Enabled
MGCP : Enabled
MSRPC : Enabled
PPTP : Enabled
RSH : Enabled
RTSP : Enabled
SCCP : Enabled
SIP : Enabled
SQL : Enabled
SUNRPC : Enabled
TALK : Enabled
TFTP : Enabled
IKE-ESP : Enabled

Enable secure FTP and FTP-ssl protocols:
JunOS# set security alg ftp ftps-extension

Commit and enjoy FTPES!

Installing and booting VMware ESXi over FCoE on an IBM BladeCenter H with Brocade CNA

Hardware:
– IBM BladeCenter H
– HS22V and HX5 blades with Brocade 2 port 10GbE Converged Network Adapter, no local drives
– IBM Storwize V7000

At the time of writing the Brocade 2 port 10GbE Converged Network Adapter for IBM BladeCenter (81Y1650) is supported on VMware ESXi up to version 4.1.

To install VMware on the blades, a custom VMware ESXi 4.1 ISO image with Brocade CNA drivers is required.

Continue reading “Installing and booting VMware ESXi over FCoE on an IBM BladeCenter H with Brocade CNA”