[Swan-dev] [PATCH libreswan] Add support for IPSec HW-offload on the NIC

Antony Antony antony at phenome.org
Wed Jun 28 11:57:18 UTC 2017

I got the xfrm.h updated. I am running tests various distros. The errors 
were due to the order in which in.h and in6.h were included.

On Wed, Jun 28, 2017 at 08:03:49AM +0000, Ilan Tayari wrote:
> This reminds me of a different thing.
> With the crypto offload we easily reach 18Gbps on a single SA, and we expect to increase speed even more soon.
> This means without ESN, we deplete the 2^32 sequence numbers after ~47 minutes.


> I can set the SA lifetime to less than that, but it would be nicer to have 
> the daemon set a soft limit on packet count, and then rekey just in time 
> before the sequence numbers deplete, regardless of how fast I generate the 
> traffic.
> What do you think? 

I think it is a nice to have. Paul added the keywords. I will see if I can
finish it.


More information about the Swan-dev mailing list