[Openswan dev] IPsec HW Offload Engine support
remy.gauguey at mindspeed.com
remy.gauguey at mindspeed.com
Thu Jun 8 12:38:30 CEST 2006
>>> Is your engine look-aside or inline?
The engine is a look-aside processor, but directly connected to ARM AHB bus
(no PCI).
The ARM processor is reponsible for SP check, adding/removing IP tunnel,
and indicates which SA to use to the engine.
The engine then inserts/remove ESP/AH header (IPv4 only), update outter
ipv4 header, and update SA (ttl, state, anti-replay window...)
thanks.
|---------+---------------------------->
| | Michael |
| | Richardson |
| | <mcr at xelerance.co|
| | m> |
| | Sent by: |
| | mcr at sandelman.ott|
| | awa.on.ca |
| | |
| | |
| | 08/06/2006 05:22 |
| | |
|---------+---------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
| |
| To: remy.gauguey at mindspeed.com |
| cc: dev at openswan.org |
| Subject: Re: [Openswan dev] IPsec HW Offload Engine support |
>------------------------------------------------------------------------------------------------------------------------------|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "remy" == remy gauguey <remy.gauguey at mindspeed.com> writes:
remy> Hello,
remy> I'm currently working on a CPE SoC based on ARM11 with an
remy> IPSec offload engine. This engine performs crypto operations
remy> (cipher + digest) but also ESP/AH protocols offload (ESP/AH
remy> header and trailer insertion, IPv4 (only) header
remy> modification...). This engine manages SA database, with TTL
Expect some work to show up soon that does ESP/AH protocol offload.
remy> but I would like to know how feasible would it be to integrate
remy> such a IPSec Offload Engine into OpenSwan KLIPS architecture.
remy> It sounds like to me the IPsecX interface would allow to do
remy> this easier than on 26sec...
Yes, I thikn so.
Is your engine look-aside or inline?
- --
] ON HUMILITY: to err is human. To moo, bovine. |
firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net
architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device
driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security
guy"); [
"The Microsoft _Get the Facts CD_ does not work on Linux." - orospakr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBRIeX54CLcPvd0N1lAQJCzAf+MDh+ZvKaUSOI3VVbob8/1sxwKVAxgSb8
H9zjuKLaKXNsvPrNvNGu7/aanSdvMZP89rh7ZU7BJuACm9Wd6aLgxzJMZH0lpfhc
OHnzRYGjew6qSyevK5UkRWb2q493tWBjQczJ6xp6myltElapjJ4aGBxw3tFbVkAp
e6NRSXY6qLFCSFJoMyKKMt5oyEN8NmYeRaTxFbv/kKzcGw1f9ja5c2onGHgoyvpc
HjtBuCLbgBZMlBDxN9y48cPo1rE/MIYBWjNIT4PWLRPTDPKd8jmvWfKhI9rRIF21
A9M0tDRG4HWv+UOq8y9zbcYm4xry3mU2pUjYXC47+j5bqN4pP1bt2g==
=VGDc
-----END PGP SIGNATURE-----
More information about the Dev
mailing list