[Swan-dev] [PATCH libreswan] Add support for IPSec HW-offload on the NIC

Antony Antony antony at phenome.org
Tue Jun 27 16:18:32 UTC 2017

I guess this is could be applied. However, please hold on, lets update 
xfrm.h first.

I plan to update linux26/xfrm.h with history from kernel commits.
It should happen before this patch. Otherwise it hard to know how upto date 
xfrm.h is.

Another comment. It would be nice to add whack option? 

How would XFRM_MSG_GETSA work? I am guessing you have a running system.
Could you share output of 

ipsec whack --trafficstatus


On Tue, Jun 27, 2017 at 06:48:26PM +0300, ilant at mellanox.com wrote:
> From: Ilan Tayari <ilant at mellanox.com>
> Add per-connection configuration flag to enable HW offload.
> For kernel_netlink, if flag is set and connection is oriented,
> attempt to offload on the interface's device by adding the new
> XFRMA_OFFLOAD_DEV netlink attribute.
> Signed-off-by: Ilan Tayari <ilant at mellanox.com>
> ---

More information about the Swan-dev mailing list