My thought - given that at least on some platforms - encrypting 1000 packets at a time is a bad idea - would be something regulating the amount of data being crypted at a time, an equivalent to byte queue limits - BQL - BCL? byte crypto limits - to keep no more than, say, 1ms of data in that part of the subsystem.
... also pulling stuff out of order from an already encrypted thing leads to the same IV problems we had in mac80211. _______________________________________________ Cake mailing list [email protected] https://lists.bufferbloat.net/listinfo/cake
