> -----Original Message----- > From: Antony Antony [mailto:[email protected]] > Subject: Re: Libreswan nic-offload automatic and fallback > > On Tue, Jul 04, 2017 at 01:58:51PM +0000, Ilan Tayari wrote: > > Hi Paul, Antony, and all, > > > > I want to discuss an improvement to the basic Libreswan nic-offload > feature. > > > > We (Mellanox) propose the following change: > > * Upgrade the nic-offload configuration option from bool to tristate > enum: > > * Never – old behavior, never attempt to perform nic-offload. > > * Always – current "nic-offload=yes" behavior, e.g. always attempt > to > > perform nic-offload and fail if it doesn't work. > > * Auto – new behavior: > > * Attempt nic-offload only if the NIC has the capability > > (NETIF_F_HW_ESP). If NIC doesn't have the capability then > don't > > attempt nic offload. > > * Fallback to regular SA if NIC offload fails (and log this) > > If this is accessible from userland it is a good idea. > How does a process, pluto, check NETIF_F_HW_ESP support for an interface.
I'm looking for an easy way to do this, without messing too much with ETHTOOL_GFEATURES. But it might be the only option. > > > This would work with the existing kernel interface. > > Also would NETIF_F_HW_ESP work on older kernels atleast CentOS 6.x? Or > need > ifdef for newer version? The flag will never be set on older kernels. > > > If in the future we will have an API to query algos/modes supported, we > > can > > extend "Auto" mode to use it, and not attempt something that is bound to > fail. > > > > Also, I believe we can have "Auto" as the default. > > > > Please reply with your comments, > > I had a similar thought before readinu about NETIF_F_HW_ESP. > A tristate option yes|no|only > > yes - offload and if add_sa return -EINVAL fallback without > XFRMA_OFFLOAD_DEV. > > no - don't send XFRMA_OFFLOAD_DEV in add_sa > always - sed XFRMA_OFFLOAD_DEV in add_sa and if this fails don't attempt > install SA without XFRM_OFFLOAD. > > I am not sure what would be the good default. I guess it depends what > older > kerenl will do with XFRMA_OFFLOAD_DEV in add_sa and when probing > NETIF_F_HW_ESP. I didn't test this yet. Older kernel ignores unrecognized attributes? I'll check this. But note that this only matters for "always", not for "auto". Ilan. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
