[strongSwan] HA kernel patch and CONFIG_XFRM_OFFLOAD

Jean-Daniel Dupas jddupas at xooloo.com
Mon May 28 11:50:50 CEST 2018

> On 28 May 2018, at 11:23, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Jean-Daniel,
>> Was the CONFIG_XFRM_OFFLOAD missing failover an oversight and I can safely populate the failover field in xfrm_replay.c
> Yes, the HA patch (originally created for 3.x kernels) predates the HW
> offloading (added with 4.12) by some years and this went unnoticed when
> lifting the patch to recent kernels, in particular, because the kernels
> used in our testing environment don't have CONFIG_XFRM_OFFLOAD enabled
> (besides not needing it, it has some less than ideal side effects, like
> inbound ESP packets not being visible in tcpdump anymore).
>> or is it intentional because using CONFIG_XFRM_OFFLOAD introduces some known incompatibility with the HA patch?
> No idea if HA would actually work with HW offloading, but other than
> that it should probably be fine to assign the same functions to the
> structs in the CONFIG_XFRM_OFFLOAD case.
> I've updated the ha-4.15.7 branch accordingly.

Thank you,

I started to deploy a cluster with CONFIG_XFRM_OFFLOAD enabled. It looks like HA is working well.
