You mean that for multiple ESP SA there can be multiple working thread
involved?
Performance is critical as usual, but not a priority and userspace with
its portability is much more critical for me.
I suppose it is possible to add dispersal of incoming packets with one
ESP SA across multiple workers.
I will try to dig if it possible to make patch in future. Just asked
about heads-up for right now. Thanks Martin for your replay.
On 16.09.2014 11:42, Martin Willi wrote:
Hi,
For kernel space there is only one thread in ordinary case. But is there
anything different for userspace backend?
No, our libipsec userspace IPsec backend currently uses a single thread
in each flow direction.
If performance is critical, you certainly should use a kernel based
IPsec backend. It avoids moving packets between kernel and userspace. If
parallelism is required on Linux, you may have a look at the pcrypt
mechanism.
Regards
Martin
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
