Re: [Ocf-linux-users] Regarding ocf for ipsec
Brought to you by:
david-m
Menu
▾
▴
Re: [Ocf-linux-users] Regarding ocf for ipsec
|
From: Manish R. <man...@st...> - 2008-07-10 07:37:19
|
Hi, Patch I found for linux KLIPS Openswan doesn't look to be applicable to latest 2.6.24 kernel. It's big change and I am not sure about its stability. Has anybody used it over 2.6.24? Can I use crptodev with linux kernel crypto framework so that I use openssl+cryptodev + linux crypto? Is there any patch available? I am still not able to appreciate why linux kernel crypto framework not able to provide async APIs as OCF is providing. Thanks Regards Manish -----Original Message----- From: David McCullough [mailto:Dav...@se...] Sent: Thursday, July 10, 2008 4:41 AM To: Manish RATHI Cc: ocf...@li... Subject: Re: [Ocf-linux-users] Regarding ocf for ipsec Jivin Manish RATHI lays it down ... > Hi, > ipsec in vannila linux kernel uses linux kernel crypto not OCF framework? yes. > I am using OCF driver for crypto acceleration to be used with openssl engine. > > Currently ipsec uses linux kernel crypto framework. So I've to write 2 > drivers You could use the openswan KLIPS stack in the kernel instead. > 1) kernel crypto driver > 2) OCF driver > > I'd like to use single driver that can be used with OpenSSL/OCF and Linux kernel crypto. > > Is there any stable patch available for ipsec in latest linux kernel so that it uses OCF? No. The linux kernel is doing it's own async crypto but I am not sure which kernel is is/will appear in and how stable it is. > Why OCF is not used in linux kernel for ipsec? One reason is licensing (OCF is BSD license). > I've read that current > ipsec doesn't uses Bottom half so async API framework such as OCF is > not required. Is it correct? An async api is required, but previously the stack counld not handle it. Work is being done in the space by the linux crypto guys. > What are the pros and cons of using OCF with ipsec? It goes faster, you have to patch your kernel, Cheers, Davidm -- David McCullough, dav...@se..., Ph:+61 734352815 Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com |
