Re: [Ocf-linux-users] Regarding ocf for ipsec
Brought to you by:
david-m
Menu
▾
▴
Re: [Ocf-linux-users] Regarding ocf for ipsec
|
From: David M. <Dav...@se...> - 2008-07-09 23:10:35
|
Jivin Manish RATHI lays it down ... > Hi, > ipsec in vannila linux kernel uses linux kernel crypto not OCF framework? yes. > I am using OCF driver for crypto acceleration to be used with openssl engine. > > Currently ipsec uses linux kernel crypto framework. So I've to write 2 drivers You could use the openswan KLIPS stack in the kernel instead. > 1) kernel crypto driver > 2) OCF driver > > I'd like to use single driver that can be used with OpenSSL/OCF and Linux kernel crypto. > > Is there any stable patch available for ipsec in latest linux kernel so that it uses OCF? No. The linux kernel is doing it's own async crypto but I am not sure which kernel is is/will appear in and how stable it is. > Why OCF is not used in linux kernel for ipsec? One reason is licensing (OCF is BSD license). > I've read that current > ipsec doesn't uses Bottom half so async API framework such as OCF is not > required. Is it correct? An async api is required, but previously the stack counld not handle it. Work is being done in the space by the linux crypto guys. > What are the pros and cons of using OCF with ipsec? It goes faster, you have to patch your kernel, Cheers, Davidm -- David McCullough, dav...@se..., Ph:+61 734352815 Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com |
