[strongSwan] HA kernel patch and CONFIG_XFRM_OFFLOAD
Tobias Brunner
tobias at strongswan.org
Mon May 28 11:23:13 CEST 2018
Hi Jean-Daniel,
> Was the CONFIG_XFRM_OFFLOAD missing failover an overlook and I can safely populate the failover field in xfrm_replay.c
Yes, the HA patch (originally created for 3.x kernels) predates the HW
offloading (added with 4.12) by some years and this went unnoticed when
lifting the patch to recent kernels, in particular, because the kernels
used in our testing environment don't have CONFIG_XFRM_OFFLOAD enabled
(besides not needing it, it has some less than ideal side effects, like
inbound ESP packets not being visible in tcpdump anymore).
> or is it intentional because using CONFIG_XFRM_OFFLOAD introduce some known incompatibility with the HA patch ?
No idea if HA would actually work with HW offloading, but other than
that it should probably be fine to assign the same functions to the
structs in the CONFIG_XFRM_OFFLOAD case.
I've updated the ha-4.15.7 branch accordingly.
Regards,
Tobias
More information about the Users
mailing list