On Thu, 17 Aug 2023 17:07:03 +0200 Sabrina Dubroca wrote: > Commit ab046a5d4be4 ("net: macsec: preserve ingress frame ordering") > tried to solve an issue caused by MACsec's use of asynchronous crypto > operations, but introduced a large performance regression in cases > where async crypto isn't causing reordering of packets. > > This patch introduces a per-netns sysctl that administrators can set > to allow new SAs to use async crypto, such as aesni. Existing SAs > won't be modified. > > By setting default_async_crypto=1 and reconfiguring macsec, a single > netperf instance jumps from 1.4Gbps to 4.4Gbps. Can we not fix the ordering problem? Queue the packets locally if they get out of order?