ipsec and acrypto
Evgeniy Polyakov
johnpol at 2ka.mipt.ru
Mon Jan 24 11:12:35 CET 2005
On Mon, 2005-01-24 at 15:08 +0530, Kausty wrote:
> On Sun, 23 Jan 2005 13:21:40 +0300, Evgeniy Polyakov
> <johnpol at 2ka.mipt.ru> wrote:
> > On Sun, 23 Jan 2005 13:02:34 +0300
> > Evgeniy Polyakov <johnpol at 2ka.mipt.ru> wrote:
> >
> > > On Sun, 23 Jan 2005 11:39:09 +0530
> > > Kausty <kkumbhalkar at gmail.com> wrote:
> > >
> > > > hi
> > > > is the curent acrypto implementation able to work with ipsec without
> > > > anychanges to the ipsec flow.
> > >
> > > No.
> > > Current Linux IPsec stack works with bh disabled so it can not
> > > benefit from asynchronous operations even in case of
> > > scalable SMP support.
> >
> > I found following link: http://lists.openswan.org/pipermail/dev/2004-June/000375.html
> > which has a discussion about via-padlock hardware offload,
> > also the latest Openswan release has "Cryptographic helpers framework" although
> > I did not look at it, probably it is what you want.
> >
> > In-kernel IPsec does not support neither any kind of hardware offload
> > not asynchronous operations.
> >
> > BTW, what do you mean by _current_ asynchronous crypto implementation?
> > OCF by David McCullough <davidm at snapgear.com> (which is more likely to be included
> > into mainline) or acrypto?
> >
> well i was interested in acrypto,
> but i was not aware that OCF is more likely to be included into the
> mainline kernel ,thanks. in that case i have to see it w.r.t ipsec in
> linux as my basic intention is to provide cryptoh/w support for ipsec
> without foresaking performance.
Actually I made such decision based on the following post from James
Morris:
http://lists.logix.cz/pipermail/cryptoapi/2005/000282.html
I believe only dual licenseing absence stops from OCF inclusion at least
into -mm.
Although it had broken locking(FreeBSD calls OCF functions always under
the biglock),
I think David fixed that.
The latest OCF port can be found at
http://lists.logix.cz/pipermail/cryptoapi/2004/000261.html.
The latest acrypto can be found at
http://tservice.net.ru/~s0mbre/archive/acrypto or
http://lists.logix.cz/pipermail/cryptoapi/2005/000263.html
As a note I want to say that there is no any difference between how
external to crypto framework parts(for example IPsec or disk encryption)
requests it's crypto sessions either from acrypto or OCF, only function
names and parametes are different a bit.
I'm finishing writing loopdev replacement which can use acrypto
operations, you can use it then
as example how acrypto(and actually OCF) works.
> _______________________________________________
>
> Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi
> List archive: http://lists.logix.cz/pipermail/cryptoapi
--
Evgeniy Polyakov
Crash is better than data corruption -- Arthur Grabowski
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.logix.cz/pipermail/cryptoapi/attachments/20050124/3f7a429f/attachment.pgp
More information about the CryptoAPI
mailing list