| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Aug 2021 13:48:59 +0200
From: Sebastian Rehms <sebastian.rehms@...lbox.tu-dresden.de>
To: <netdev@...r.kernel.org>
CC: <scott@...ttdial.com>, <davem@...emloft.net>,
<gregkh@...uxfoundation.org>
Subject: MACSec performance issues
Dear netdev community,
We did some performance tests on MACSec and observed data rates of about
5-6 GBits/s. (measured with iperf3)
After a kernel update the maximum data rate dropped to about 600 MBit/s.
Due to this huge difference we did some further investigations and found
that the main reason is a change in the file drivers/net/macsec.c in the
function crypto_alloc_aead().
The change was introduced by commit
0899ff04c872463455f2749d13a5d311338021a3 (upstream commit
ab046a5d4be4c90a3952a0eae75617b49c0cb01b)
- tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
+ /* Pick a sync gcm(aes) cipher to ensure order is preserved. */
+ tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
According to the commit description, the CRYPTO_ALG_ASYNC flag is
required to guarantee correct packet ordering which is indeed an
implicit provision of the MACSec standard.
First, it would be desirable to verify, that the impact of the flag is
large not only on our hardware but that it is a general phenomenon.
Maybe this is of interest for the MACSec maintainers?
Kind regards,
Sebastian Rehms
Powered by blists - more mailing lists