[Swan-dev] Libreswan nic-offload automatic and fallback

Antony Antony antony at phenome.org
Wed Jul 5 11:02:16 UTC 2017


On Tue, Jul 04, 2017 at 01:58:51PM +0000, Ilan Tayari wrote:
> Hi Paul, Antony, and all,
> 
> I want to discuss an improvement to the basic Libreswan nic-offload feature.
> 
> We (Mellanox) propose the following change:
> * Upgrade the nic-offload configuration option from bool to tristate enum:
> 	* Never – old behavior, never attempt to perform nic-offload.
> 	* Always – current "nic-offload=yes" behavior, e.g. always attempt to
> 	           perform nic-offload and fail if it doesn't work.
> 	* Auto – new behavior: 
> 		* Attempt nic-offload only if the NIC has the capability
> 		  (NETIF_F_HW_ESP). If NIC doesn't have the capability then don't
> 		  attempt nic offload.
> 		* Fallback to regular SA if NIC offload fails (and log this)

If this is accessible from userland it is a good idea.
How does a process, pluto, check NETIF_F_HW_ESP support for an interface?

> This would work with the existing kernel interface.

Also, would NETIF_F_HW_ESP work on older kernels, at least CentOS 6.x? Or need
ifdef for newer version?

> If in the future we will have an API to query algos/modes supported, we can
> extend "Auto" mode to use it, and not attempt something that is bound to fail.
> 
> Also, I believe we can have "Auto" as the default. 
> 
> Please reply with your comments,

I had a similar thought before reading about NETIF_F_HW_ESP.
A tristate option yes|no|only

yes - offload and if add_sa returns -EINVAL fallback without XFRMA_OFFLOAD_DEV.

no  - don't send XFRMA_OFFLOAD_DEV in add_sa

always - send XFRMA_OFFLOAD_DEV in add_sa and if this fails don't attempt
install SA without XFRM_OFFLOAD.

I am not sure what would be the good default. I guess it depends what older
kernel will do with XFRMA_OFFLOAD_DEV in add_sa and when probing
NETIF_F_HW_ESP. I didn't test this yet.

-antony
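
Added example, not part of the original thread and not Libreswan code: the Never/Always/Auto behaviour proposed in the quoted message, modelled as a decision function against a stubbed kernel so the fallback paths can be exercised. All identifiers (`install_sa`, `fake_add_sa`, `struct fake_nic`, the enums) are hypothetical, and the stub only assumes that a rejected offload request surfaces as a negative errno such as -EINVAL.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names for this example; not Libreswan identifiers. */
enum nic_offload { OFFLOAD_NEVER, OFFLOAD_ALWAYS, OFFLOAD_AUTO };
enum sa_result { SA_OFFLOADED, SA_SOFTWARE, SA_FAILED };

/* Constructed stand-in for one interface and the kernel behind it. */
struct fake_nic {
    bool hw_esp;       /* interface advertises NETIF_F_HW_ESP */
    int offload_errno; /* errno when XFRMA_OFFLOAD_DEV is sent, 0 = success */
    int attempts;      /* add_sa calls made so far */
};

/* Stand-in for add_sa; with_offload means XFRMA_OFFLOAD_DEV is attached. */
static int fake_add_sa(struct fake_nic *nic, bool with_offload)
{
    nic->attempts++;
    return with_offload ? -nic->offload_errno : 0;
}

enum sa_result install_sa(enum nic_offload mode, struct fake_nic *nic)
{
    /* Auto probes the capability first; Always skips the probe. */
    bool try_offload = mode == OFFLOAD_ALWAYS ||
                       (mode == OFFLOAD_AUTO && nic->hw_esp);

    if (try_offload) {
        int err = fake_add_sa(nic, true);
        if (err == 0)
            return SA_OFFLOADED;
        if (mode == OFFLOAD_ALWAYS)
            return SA_FAILED; /* no retry without offload */
        fprintf(stderr, "nic-offload failed (%d), using regular SA\n", err);
    }
    return fake_add_sa(nic, false) == 0 ? SA_SOFTWARE : SA_FAILED;
}

int main(void)
{
    /* NIC claims ESP offload but rejects this SA with -EINVAL. */
    struct fake_nic nic = { .hw_esp = true, .offload_errno = EINVAL };
    printf("auto=%d ", install_sa(OFFLOAD_AUTO, &nic));
    nic.attempts = 0;
    printf("always=%d\n", install_sa(OFFLOAD_ALWAYS, &nic));
    return 0;
}
```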

