[Swan-dev] [PATCH libreswan] Add support for IPSec HW-offload on the NIC

Antony Antony antony at phenome.org
Tue Jun 27 16:46:52 UTC 2017

oh, few informational questions.

1. how to detect which esp algorithms are supported by this card?
2. how does it deal with add_sa for a unsupported algorithm?
3. does the card support AH SA?
4. does it support xfrm acquire, block and pass polices too?
5. Any limits on number of SA supported? and would it return something like 
can't add any more message or silently fail.
6. does a "ipsec restart" clear the SAs properly if pluto crash?  
_stackmanger try to do that when pluto crash.


On Tue, Jun 27, 2017 at 06:48:26PM +0300, ilant at mellanox.com wrote:
> From: Ilan Tayari <ilant at mellanox.com>
> Add per-connection configuration flag to enable HW offload.
> For kernel_netlink, if flag is set and connection is oriented,
> attempt to offload on the interface's device by adding the new
> XFRMA_OFFLOAD_DEV netlink attribute.
> Signed-off-by: Ilan Tayari <ilant at mellanox.com>

More information about the Swan-dev mailing list