> -----Original Message----- > From: linux-crypto-owner@xxxxxxxxxxxxxxx <linux-crypto-owner@xxxxxxxxxxxxxxx> On Behalf Of Andrew Lunn > Sent: Wednesday, August 12, 2020 2:42 PM > To: Van Leeuwen, Pascal <pvanleeuwen@xxxxxxxxxx> > Cc: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>; Scott Dial <scott@xxxxxxxxxxxxx>; linux-crypto@xxxxxxxxxxxxxxx; Ryan Cox > <ryan_cox@xxxxxxx>; netdev@xxxxxxxxxxxxxxx; davem@xxxxxxxxxxxxx; Antoine Tenart <antoine.tenart@xxxxxxxxxxx>; > ebiggers@xxxxxxxxxx > Subject: Re: Severe performance regression in "net: macsec: preserve ingress frame ordering" > > <<< External Email >>> > > With networking protocols you often also have a requirement to minimize > > packet reordering, so I understand it's a careful balance. But it is possible > > to serialize the important stuff and still do the crypto out-of-order, which > > would be really beneficial on _some_ platforms (which have HW crypto > > acceleration but no such CPU extensions) at least. > > Many Ethernet PHYs are also capable of doing MACSeC as they > send/receive frames. Doing it in hardware in the PHY avoids all these > out-of-order and latency issues. Unfortunately, we are still at the > early days for PHY drivers actually implementing MACSeC offload. At > the moment only the Microsemi PHY and Aquantia PHY via firmware in the > Atlantic NIC support this. > No need to point this out to me as we're the number one supplier of inline MACsec IP :-) In fact, the Microsemi PHY solution you mention is ours, major parts of that design were even created by these 2 hands here. Full protocol offload is obviously the holy grail of HW acceleration, and what we tend to strive for. The problem is always with the software integration, so I'm happy to see a framework for inline MACsec acceleration being added to the kernel. Without such a protocol acceleration framework (which AFAIK doesn't exist for IPsec yet, at least not in a generic form supporting all modes and ciphersuites), however, you fall back to basic hash-encrypt/AEAD offload as the "best you can do". And some low-cost devices may still do it on the CPU to minimize silicon cost. So it is still very useful for the crypto API path to be as efficient as possible, at least for the time being. Regards, Pascal van Leeuwen Silicon IP Architect Multi-Protocol Engines, Rambus Security Rambus ROTW Holding BV +31-73 6581953 Note: The Inside Secure/Verimatrix Silicon IP team was recently acquired by Rambus. Please be so kind to update your e-mail address book with my new e-mail address. ** This message and any attachments are for the sole use of the intended recipient(s). It may contain information that is confidential and privileged. If you are not the intended recipient of this message, you are prohibited from printing, copying, forwarding or saving it. Please delete the message and attachments and notify the sender immediately. ** Rambus Inc.<http://www.rambus.com>
