Re: [Ocf-linux-users] Regarding ocf for ipsec

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,
I've applied the patch.
 As such there is no change in ipsec files in kernel networking stack. 

Can you tell me name of files which tell the linux kernel so that it uses
OCF instead of linux kernel crypto framework?

Thanks
Regards
Manish

-----Original Message-----
From: David McCullough [mailto:Dav...@se...] 
Sent: Thursday, July 10, 2008 4:17 PM
To: Manish RATHI
Cc: ocf...@li...
Subject: Re: [Ocf-linux-users] Regarding ocf for ipsec

Jivin Manish RATHI lays it down ...
> Hi,
> Patch I found for linux KLIPS Openswan doesn't look to be applicable 
> to latest 2.6.24 kernel.

Go to:
	http://sourceforge.net/project/showfiles.php?group_id=133575

and download

   	ocf-linux-26-20080704.patch.gz

take a stock linux-2.6.24 (or 25) and extract:

	cd linux-2.6.24
	gunzip < ocf-linux-26-20080704.patch.gz | patch -p1

The previous OCF release (20071215) has a patch for 2.6.23.
Either way,  I know it's supported because I am running it :-)

> It's big change and I am not sure about its stability.

The patch is big because it includes all of OCF so that you do not need to
do anything else.  I have had some reports that you may need to fix a couple
of things after applying the patch but I have no details to help you with on
that.

> Has anybody used it over 2.6.24?

Anyone other than me :-)

> Can I use crptodev with linux kernel crypto framework so that I use
> openssl+cryptodev + linux crypto? Is there any patch available?

No and not that I know of.

> I am still not able to appreciate why linux kernel crypto framework 
> not able to provide async APIs as OCF is providing.

Read the linux-crypto or the older cryptodev mailing list archives,  it may
help,

Cheers.
Davidm

> -----Original Message-----
> From: David McCullough [mailto:Dav...@se...]
> Sent: Thursday, July 10, 2008 4:41 AM
> To: Manish RATHI
> Cc: ocf...@li...
> Subject: Re: [Ocf-linux-users] Regarding ocf for ipsec
> 
> 
> Jivin Manish RATHI lays it down ...
> > Hi,
> >  ipsec in vannila linux kernel uses linux kernel crypto not OCF
framework?
> 
> yes.
> 
> > I am using OCF driver  for crypto acceleration to be used with 
> > openssl
> engine.
> > 
> > Currently ipsec uses linux kernel crypto framework. So I've to write 
> > 2 drivers
> 
> You could use the openswan KLIPS stack in the kernel instead.
> 
> > 1) kernel crypto driver
> > 2) OCF driver
> > 
> > I'd like to use single driver that can be used with OpenSSL/OCF and 
> > Linux
> kernel crypto.
> > 
> > Is there any stable patch available for ipsec in latest linux kernel 
> > so
> that it uses OCF?
> 
> No.  The linux kernel is doing it's own async crypto but I am not sure 
> which kernel is is/will appear in and how stable it is.
> 
> > Why OCF is not used in linux kernel for ipsec?
> 
> One reason is licensing (OCF is BSD license).
> 
> > I've read that current
> > ipsec doesn't uses Bottom half so async API framework such as OCF is 
> > not required.  Is it correct?
> 
> An async api is required,  but previously the stack counld not handle it.
> Work is being done in the space by the linux crypto guys.
> 
> > What are the pros and cons of using OCF with ipsec? 
> 
> It goes faster,  you have to patch your kernel,
> 
> Cheers,
> Davidm
> 
> -- 
> David McCullough,  dav...@se...,   Ph:+61
734352815
> Secure Computing - SnapGear  http://www.uCdot.org
http://www.snapgear.com
> 

-- 
David McCullough,  dav...@se...,   Ph:+61 734352815
Secure Computing - SnapGear  http://www.uCdot.org   http://www.snapgear.com