On 27.10.2022 10.49, Jouni Malinen wrote:
> On Wed, Oct 26, 2022 at 06:40:41PM +0200, Benny Lønstrup Ammitzbøll wrote:
> > Using wpa_supplicant to configure MACsec via the Linux driver, but there is
> > currently no support for creating MACsec interfaces that offload MACsec to
> > the hardware, even though the Linux MACsec implementation supports it.
> > I have attached a patch I made for wpa_supplicant ver. 2.9 that adds a
> > macsec_hw_offload parameter:
> >  * macsec_hw_offload - Offload MACsec to hardware
> >  *
> >  * This setting applies only when MACsec is in use, i.e.,
> >  * - macsec_policy is enabled
> >  * - the key server has decided to enable MACsec
> >  *
> >  * 0: MACsec hardware offload is off (default)
> >  * 1: MACsec hardware offload to PHY
> >  * 2: MACsec hardware offload to MAC
> >  */
>
> How would a user know which value to use here and why would this even
> need a configuration parameter? Is there some real reason for not using
> the hardware offload if the device and driver support it? With Wi-Fi,
> the hardware encryption/decryption is always used, if available, without
> the user (or anything in user space for that matter) having to really
> know about this. Why would this be any different for MACsec?

Valid point, so maybe the default should be to use HW offload if the
interface supports it. However, a user may be interested in measuring
the performance gain obtained with a HW offload solution (I at least
need this in my testing) in which case the parameter is useful.
/Benny