[Swan-dev] Libreswan nic-offload automatic and fallback
Ilan Tayari
ilant at mellanox.com
Tue Jul 4 13:58:51 UTC 2017
Hi Paul, Antony, and all,
I want to discuss an improvement to the basic Libreswan nic-offload feature.
We (Mellanox) propose the following change:
* Upgrade the nic-offload configuration option from bool to tristate enum:
* Never – old behavior, never attempt to perform nic-offload.
* Always – current "nic-offload=yes" behavior, e.g. always attempt to
perform nic-offload and fail if it doesn't work.
* Auto – new behavior:
* Attempt nic-offload only if the NIC has the capability
(NETIF_F_HW_ESP). If NIC doesn't have the capability then don't
attempt nic offload.
* Fallback to regular SA if NIC offload fails (and log this)
This would work with the existing kernel interface.
If in the future we will have an API to query algos/modes supported, we can
extend "Auto" mode to use it, and not attempt something that is bound to fail.
Also, I believe we can have "Auto" as the default.
Please reply with your comments,
Thanks,
Ilan.
More information about the Swan-dev
mailing list