[Swan-dev] offloading

Andrew Cagney andrew.cagney at gmail.com
Wed Feb 19 15:31:36 UTC 2020


I've some pending changes that offload more crypto, but I'm left
wondering at what point is it getting out of control.

First the existing DH offload should eventually be shuffled into:

- first AUTH request fragment arrives
- offload DH part#2 in background
- when DH comes back start decrypting fragments inline

which I think is reasonable.  But then we've got:

- start unpacking packet
- offload certificate decode and verify (aka RSA - NEW)
- work on packet
- offload PAM
- work on packet
- offload AUTH proof of identity calculation (aka RSA - NEW)
- emit response
- install kernel SAs (which is the current bottleneck but I suspect
  we've got O(#STATE) code)

which seems to be getting just a tad out-of-control; and I'm sure
we'll find something else.

I've looked a bit at offloading everything.  The first thing to rear
its ugly head is, of course, reorienting the connection.  ARRRRHG!

