I've some pending changes that offload more crypto, but I'm left wondering at what point is it getting out of control.
First the existing DH offload should eventually be shuffled into:

- first AUTH request fragment arrives
- offload DH part#2 in background
- when DH comes back start decrypting fragments inline

which I think is reasonable. But then we've got:

- start unpacking packet
- offload certificate decode and verify (aka RSA - NEW)
- work on packet
- offload PAM
- work on packet
- offload AUTH proof of identity calculation (aka RSA - NEW)
- emit response
- install kernel SAs (which is the current bottleneck but I suspect we've got O(#STATE) code)

which seems to be getting just a tad out-of-control; and I'm sure we'll find something else.

I've looked a bit at offloading everything. The first thing to rear its ugly head is, of course, reorienting the connection. ARRRRHG!
