I can not test the performance with iperf3 because rcu stall always happens . Ping is OK. Yesterday, I said "it works" because I only tested ping. If sw crypto is used, iperf3 test is OK.
openvpn and rcu stall log:
root@OpenWrt:/tmp/etc# /tmp/openvpn openvpn-test.conf [257/7644]
2024-01-11 07:11:20 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--da.
2024-01-11 07:11:20 OpenVPN 2.6.8 mips64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
2024-01-11 07:11:20 library versions: OpenSSL 1.1.1v 1 Aug 2023, LZO 2.10
2024-01-11 07:11:20 DCO version: N/A
2024-01-11 07:11:20 net_route_v4_best_gw query: dst 0.0.0.0
2024-01-11 07:11:20 net_route_v4_best_gw result: via 192.168.5.1 dev eth0
2024-01-11 07:11:20 Diffie-Hellman initialized with 1024 bit key
2024-01-11 07:11:20 net_iface_new: add tun0 type ovpn-dco
2024-01-11 07:11:20 DCO device tun0 opened
2024-01-11 07:11:20 net_iface_mtu_set: mtu 1500 for tun0
2024-01-11 07:11:20 net_iface_up: set tun0 up
2024-01-11 07:11:20 net_addr_v4_add: 10.9.0.1/24 dev tun0
2024-01-11 07:11:20 Could not determine IPv4/IPv6 protocol. Using AF_INET
2024-01-11 07:11:20 Socket Buffers: R=[294912->294912] S=[294912->294912]
2024-01-11 07:11:20 UDPv4 link local (bound): [AF_INET][undef]:1194
2024-01-11 07:11:20 UDPv4 link remote: [AF_UNSPEC]
2024-01-11 07:11:20 UID set to nobody
2024-01-11 07:11:20 Capabilities retained: CAP_NET_ADMIN
2024-01-11 07:11:20 MULTI: multi_init called, r=256 v=256
2024-01-11 07:11:20 IFCONFIG POOL IPv4: base=10.9.0.2 size=253
2024-01-11 07:11:20 ifconfig_pool_read(), in='client,10.9.0.2,'
2024-01-11 07:11:20 succeeded -> ifconfig_pool_set(hand=0)
2024-01-11 07:11:20 IFCONFIG POOL LIST
2024-01-11 07:11:20 client,10.9.0.2,
2024-01-11 07:11:20 Initialization Sequence Completed
2024-01-11 07:11:29 192.168.5.226:60179 VERIFY OK: depth=1, C=TW[ 643.335556] tun0: ovpn_netlink_new_peer: adding peer with endpoint=192.168.5.226:60179/UDP id=0 VPN-IPv4=10.9.0.2 VPN-IPv6=::
, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, name=EasyRSA, emailAddress=mail@netgear
2024-01-11 07:11:29 192.168.5.[ 643.354046] tun0: ovpn_netlink_new_key: new key installed (id=0) for peer 0
226:60179 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=client, name=EasyRSA, emailAddress=mail@netgear
2024-01-11 07:11:29 192.168.5.226:60179 peer info: IV_VER=2.6.8
2024-01-11 07:11:29 192.168.5.226:60179 peer info: IV_PLAT=win
2024-01-11 07:11:29 192.168.5.226:60179 peer info: IV_TCPNL=1
2024-01-11 07:11:29 192.168.5.226:60179 peer info: IV_MTU=1600
2024-01-11 07:11:29 192.168.5.226:60179 peer info: IV_NCP=2
2024-01-11 07:11:29 192.168.5.226:60179 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2024-01-11 07:11:29 192.168.5.226:60179 peer info: IV_PROTO=990
2024-01-11 07:11:29 192.168.5.226:60179 peer info: IV_GUI_VER=OpenVPN_GUI_11.46.0.0
2024-01-11 07:11:29 192.168.5.226:60179 peer info: IV_SSO=openurl,webauth,crtext
2024-01-11 07:11:29 192.168.5.226:60179 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-01-11 07:11:29 192.168.5.226:60179 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-01-11 07:11:29 192.168.5.226:60179 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bit9
2024-01-11 07:11:29 192.168.5.226:60179 [client] Peer Connection Initiated with [AF_INET]192.168.5.226:60179
2024-01-11 07:11:29 client/192.168.5.226:60179 MULTI_sva: pool returned IPv4=10.9.0.2, IPv6=(Not enabled)
2024-01-11 07:11:29 client/192.168.5.226:60179 MULTI: Learn: 10.9.0.2 -> client/192.168.5.226:60179
2024-01-11 07:11:29 client/192.168.5.226:60179 MULTI: primary virtual IP for client/192.168.5.226:60179: 10.9.0.2
2024-01-11 07:11:29 client/192.168.5.226:60179 SENT CONTROL [client]: 'PUSH_REPLY,route-gateway 10.9.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.9.0.2 255.255.255.0,peer-id 0,cipher)
2024-01-11 07:11:30 client/192.168.5.226:60179 Data Channel: cipher 'AES-256-GCM', peer-id: 0
2024-01-11 07:11:30 client/192.168.5.226:60179 Timers: ping 10, ping-restart 240
2024-01-11 07:11:30 client/192.168.5.226:60179 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
[ 882.172581] INFO: rcu_sched self-detected stall on CPU
[ 882.177742] 0-...: (1 GPs behind) idle=33e/140000000000001/0 softirq=5864/5866 fqs=2608
[ 882.185929] (t=6000 jiffies g=2147 c=2146 q=8)
[ 882.190556] NMI backtrace for cpu 0
[ 882.194051] CPU: 0 PID: 253 Comm: kworker/0:2 Tainted: P 4.14.76 #0
[ 882.201640] Workqueue: ovpn-crypto-wq-tun0 ovpn_decrypt_work [ovpn_dco_v2]
[ 882.208525] Stack : ffffffff83778288 0000000014001ce0 22773746ac1f384c 22773746ac1f384c
[ 882.216546] 0000000000000000 8000000000323a90 ffffffff83778f00 0000000000000000
[ 882.224567] 0000000000000142 0000000000000007 0000000000000000 712d74756e30206f
[ 882.232587] 0000000000000000 0000000000000000 0000000000000010 ffffffff81180000
[ 882.240607] 0000000000000000 0000000000000000 ffffffff811f0000 0000000000000000
[ 882.248628] ffffffff81180000 ffffffff81186920 0000000000000000 0000000000000000
[ 882.256648] 0000000000000000 ffffffff80bf1a90 0000000000000000 1e00000000ab3147
[ 882.264668] 800000002a774000 8000000000323a90 ffffffff81170000 ffffffff80f4df10
[ 882.272689] 0000000000000000 0000000000000007 0000000000000000 712d74756e30206f
[ 882.280709] 0000000000000000 ffffffff808718fc ffffffffc0f13230 c00000fefffdb900
[ 882.288729] ...
[ 882.291180] Call Trace:
[ 882.293633] [<ffffffff808718fc>] show_stack+0x64/0x108
[ 882.298786] [<ffffffff80f4df10>] dump_stack+0x90/0xd0
[ 882.303848] [<ffffffff80f54d30>] nmi_cpu_backtrace+0xe0/0x108
[ 882.309603] [<ffffffff80f54e28>] nmi_trigger_cpumask_backtrace+0xd0/0x178
[ 882.316403] [<ffffffff80925a78>] rcu_dump_cpu_stacks+0xbc/0x128
[ 882.322338] [<ffffffff808ec460>] rcu_check_callbacks+0x2e8/0x7e0
[ 882.328355] [<ffffffff808efaac>] update_process_times+0x34/0x70
[ 882.334287] [<ffffffff808feb00>] tick_sched_timer+0x170/0x1d8
[ 882.340042] [<ffffffff808f06f8>] __hrtimer_run_queues+0xd8/0x1b0
[ 882.346057] [<ffffffff808f094c>] hrtimer_interrupt+0xd4/0x288
[ 882.351813] [<ffffffff80874dd8>] c0_compare_interrupt+0x80/0x98
[ 882.357745] [<ffffffff808dcb60>] __handle_irq_event_percpu+0x78/0x188
[ 882.364195] [<ffffffff808dcc90>] handle_irq_event_percpu+0x20/0x68
[ 882.370383] [<ffffffff808e1760>] handle_percpu_irq+0x80/0xb0
[ 882.376050] [<ffffffff808dbbbc>] generic_handle_irq+0x2c/0x48
[ 882.381810] [<ffffffff80f6926c>] do_IRQ+0x1c/0x30
[ 882.386525] [<ffffffff80807b68>] plat_irq_dispatch+0xe8/0x110
[ 882.392283] [<ffffffff8086c52c>] handle_int+0x14c/0x158
[ 882.397517] [<ffffffff8087674c>] cnmips_cu2_call+0x7c/0xa0
[ 882.403013] [<ffffffff808b31c0>] notifier_call_chain+0x50/0xa8
[ 882.408856] [<ffffffff8086d1f4>] handle_cpu_int+0x24/0x30
Here is the ping and iperf3 log from a ssh window.
root@OpenWrt:~# ping 10.9.0.2
PING 10.9.0.2 (10.9.0.2): 56 data bytes
64 bytes from 10.9.0.2: seq=0 ttl=128 time=0.779 ms
64 bytes from 10.9.0.2: seq=1 ttl=128 time=0.629 ms
64 bytes from 10.9.0.2: seq=2 ttl=128 time=0.742 ms
64 bytes from 10.9.0.2: seq=3 ttl=128 time=0.866 ms
64 bytes from 10.9.0.2: seq=4 ttl=128 time=0.744 ms
64 bytes from 10.9.0.2: seq=5 ttl=128 time=0.703 ms
64 bytes from 10.9.0.2: seq=6 ttl=128 time=0.614 ms
64 bytes from 10.9.0.2: seq=7 ttl=128 time=0.545 ms
64 bytes from 10.9.0.2: seq=8 ttl=128 time=0.699 ms
64 bytes from 10.9.0.2: seq=9 ttl=128 time=0.634 ms
64 bytes from 10.9.0.2: seq=10 ttl=128 time=0.986 ms
64 bytes from 10.9.0.2: seq=11 ttl=128 time=0.697 ms
64 bytes from 10.9.0.2: seq=12 ttl=128 time=0.585 ms
64 bytes from 10.9.0.2: seq=13 ttl=128 time=0.681 ms
64 bytes from 10.9.0.2: seq=14 ttl=128 time=0.934 ms
64 bytes from 10.9.0.2: seq=15 ttl=128 time=0.651 ms
64 bytes from 10.9.0.2: seq=16 ttl=128 time=0.968 ms
64 bytes from 10.9.0.2: seq=17 ttl=128 time=1.291 ms
64 bytes from 10.9.0.2: seq=18 ttl=128 time=0.602 ms
64 bytes from 10.9.0.2: seq=19 ttl=128 time=1.091 ms
64 bytes from 10.9.0.2: seq=20 ttl=128 time=0.579 ms
64 bytes from 10.9.0.2: seq=21 ttl=128 time=0.601 ms
64 bytes from 10.9.0.2: seq=22 ttl=128 time=0.568 ms
64 bytes from 10.9.0.2: seq=23 ttl=128 time=0.494 ms
64 bytes from 10.9.0.2: seq=24 ttl=128 time=0.504 ms
64 bytes from 10.9.0.2: seq=25 ttl=128 time=0.480 ms
64 bytes from 10.9.0.2: seq=26 ttl=128 time=0.559 ms
^C
--- 10.9.0.2 ping statistics ---
27 packets transmitted, 27 packets received, 0% packet loss
round-trip min/avg/max = 0.480/0.712/1.291 ms
root@OpenWrt:~# iperf3 -c 10.9.0.2
Connecting to host 10.9.0.2, port 5201
[ 5] local 10.9.0.1 port 44924 connected to 10.9.0.2 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 2.05 MBytes 17.2 Mbits/sec 0 112 KBytes
client_loop: send disconnect: Broken pipe
According to my experience, tcrypt can not cover all test cases. It's a basic test tool. If you want to test one hw crypto module , you also need to test it with real user case like ipsec and ovpn-dco, then you may find out if there are bugs in hw crypto module. So have you tried aes-gcm with ipsec or ovpn-dco at your side?