Re: [PATCH] crypto: aesni-intel - avoid IPsec re-ordering

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks a bunch Herbert. I will try out the patch when you make it available.


Are there any thoughts for these other questions from you or anyone
else on the list, more
importantly regarding backlog handling in ESP ?


2. When the pkts are put on the async work queue, the queue size is initialized
as 100 in cryptd_init_queue() in crypto/cryptd.c. Does anyone know how/why
100 was picked ?

3. In cryptd_queue_worker(), the backlog->complete() callback is invoked with
-EINPROGRESS. In net/ipv4/esp4.c, there is no handling for EINPROGRESS
in esp_input_done()/esp_input_done2(). Am I reading the code correctly and
is there any expectation that ESP should support backlog and have backlog
handling ? Currently, the pkt just gets dropped as the EINPROGRESS is treated
as nexthdr and hence is invalid.



On Mon, Jan 18, 2016 at 11:43 PM, Herbert Xu
<herbert@xxxxxxxxxxxxxxxxxxx> wrote:
> Raj Ammanur <rammanur@xxxxxxxxxx> wrote:
>>
>> First, I would like to report that we are also seeing problem where IPSec
>> packets are getting queued up to the workqueue for async processing because
>> of the FPU not being available. Since there are also a lot of input pkts, by the
>> time xfrm_input() is invoked again after the async operation is completed, the
>> IPsec pkts are either out of sequence or out of the replay window, since the
>> replay window has advanced. We are using IPSec tunnel between two
>> switches connected over a Long Fat Network and have sender and receiver
>> servers connected to the two ends of the tunnel. Because of  the TCP
>> receiver receiving  pkts either out of order or not receiving pkts because of
>> dropped pkts, this is causing significant drop in TCP throughtput on Long Fat
>> Networks, where  the network latency is high.
>
> Thanks for the reminder.  I will try to post a patch for this soon.
>
> Cheers,
> --
> Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux