On Wed, Oct 26, 2022 at 06:40:41PM +0200, Benny Lønstrup Ammitzbøll wrote: > Using wpa_supplicant to configure MACsec via the linux driver, but there is > currently no support for creating MACsec interfaces that offload MACsec to > the hardware, even though the linux MACsec implementation supports it. > > I have attached a patch I made for wpa_supplicant ver. 2.9 that adds a > macsec_hw_offload parameter: > > * macsec_hw_offload - Offload MACsec to hardware > * > * This setting applies only when MACsec is in use, i.e., > * - macsec_policy is enabled > * - the key server has decided to enable MACsec > * > * 0: MACsec hardware offload is off (default) > * 1: MACsec hardware offload to PHY > * 2: MACsec hardware offload to MAC > */ How would a user know which value to use here and why would this even need a configuration parameter? Is there some real reason for not using the hardware offload if the device and driver supports it? With Wi-Fi, the hardware encryption decryption is always used, if available, without the user (or anything in user space for that matter) having to really know about this. Why would this be any different for MACsec? -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
