Patch to support MACsec HW offload

Jouni Malinen j at
Thu Oct 27 02:47:58 PDT 2022

On Thu, Oct 27, 2022 at 11:37:15AM +0200, Benny Lønstrup Ammitzbøll wrote:
> Valid point, so maybe the default should be to use HW offload if the
> interface supports it. However, a user may be interested in measuring the
> performance gain obtained with a HW offload solution (I at least need this
> in my testing) in which case the parameter is useful.

In Wi-Fi cases, such a change would be done as a driver-specific
configuration (e.g., nohwcrypt=1 module parameter for ath9k), i.e.,
there is no dynamic kernel interface for setting that when configuring
encryption parameters for a specific connection. I guess someone thought
this would be needed for MACsec for some reason.. I cannot really think
of a real use case for that apart from either testing something or
working around implementation issues (that really should be addressed by
fixing those issues). I'm not against adding a test parameter for this,
but it should be clearly documented as such and the default value should
be to behave in the most reasonable manner for production use cases
(which, I'd assume, would be to use all available hardware offloads for
encryption/decryption of frames).

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list