Dave Taht <[email protected]> writes: > My thought - given that at least on some platforms - encrypting 1000 > packets at a time is a bad idea - would be something regulating the > amount of data being crypted at a time, an equivalent to byte queue > limits - BQL - BCL? byte crypto limits - to keep no more than, say, > 1ms of data in that part of the subsystem.
Well, the dynamic queue limit stuff is reusable (in include/linux/dynamic_queue_limits.h). The netdev BQL stuff just uses these functions with the packet byte sizes; so adapting it to use in wireguard should be fairly straight forward :) > ... also pulling stuff out of order from an already encrypted thing > leads to the same IV problems we had in mac80211. Yeah, but who needs IVs, really? ;) -Toke _______________________________________________ Cake mailing list [email protected] https://lists.bufferbloat.net/listinfo/cake
