XFRM pCPU

From Libreswan
Revision as of 13:27, 16 April 2019 by Antony (talk | contribs) (Created page with "= the idea called per cpu sa in out going direction was discussed at Linux IPsec workshop in Prague. The following two worked on proto type. Libreswan picket terminology "clon...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

= the idea called per cpu sa in out going direction was discussed at Linux IPsec workshop in Prague. The following two worked on proto type. Libreswan picket terminology "clones".

Kernel / xfrm plans

  • Release private branch on Steffen's repository to get wider testing.
  • Kernel support for rekey. Possibly with refcounting the linked list on the Head SA. One could rekey in any order - either head SA or sub SA.
  • Ben would like to add feature bind a sub sa to a head SA,


Libreswan Plans

  • Currently support clones=n. Both sides should have same number.
  • support for asymetric configuration, one side 8(initiator) and responder (4).
  • rekey support
  • fix bugs down and delete.
  • don't allow clone instance on its own to be add|delete|down on the unaliased name.
  • test interop with unsupported version. ideally we should figure it out and not install clones. It could be that we will install clones and the last one would be used.
Retrieved from "https://libreswan.org/wiki/index.php?title=XFRM_pCPU&oldid=21585"