lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 3 Aug 2021 13:48:59 +0200
From:   Sebastian Rehms <>
To:     <>
CC:     <>, <>,
Subject: MACSec performance issues

Dear netdev community,

We did some performance tests on MACSec and observed data rates of about
5-6 GBits/s. (measured with iperf3)
After a kernel update the maximum data rate dropped to about 600 MBit/s.

Due to this huge difference we did some further investigations and found
that the main reason is a change in the file drivers/net/macsec.c in the
function crypto_alloc_aead().

The change was introduced by commit
0899ff04c872463455f2749d13a5d311338021a3 (upstream commit

-       tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
+       /* Pick a sync gcm(aes) cipher to ensure order is preserved. */
+       tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);

According to the commit description, the  CRYPTO_ALG_ASYNC flag is
required to guarantee correct packet ordering which is indeed an
implicit provision of the MACSec standard.

First, it would be desirable to verify, that the impact of the flag is
large not only on our hardware but that it is a general phenomenon.

Maybe this is of interest for the MACSec maintainers?

Kind regards,
Sebastian Rehms

Powered by blists - more mailing lists