On Fri, 2016-06-24 at 18:51 -0700, Andy Lutomirski wrote: > Hi all- > > tcp_md5_hash_header does crypto using an sg that points to the stack. > This will break with virtually mapped stacks. It also looks like it's > probably much slower than it deserves to be (it's trying to compute > the MD5 hash of a few tens of bytes -- going through a scatterlist is > a lot of overhead for an otherwise very fast operation).
I guess nobody cares about TCP MD5 speed really. > > I don't suppose one of you could fix it or at least advise as to how > it should be fixed. Simply extend tcp_md5sig_pool to contain a copy of the TCP headers ? At most 40 bytes of extra per cpu storage is not a big problem.