[Openswan dev] IPsec HW Offload Engine support

remy.gauguey at mindspeed.com remy.gauguey at mindspeed.com
Thu Jun 8 12:38:30 CEST 2006 

>>> Is your engine look-aside or inline?
The engine is a look-aside processor, but directly connected to ARM AHB bus
(no PCI).
The ARM processor is reponsible for SP check, adding/removing IP tunnel,
and indicates which SA to use to the engine.
The engine then inserts/remove ESP/AH header (IPv4 only), update outter
ipv4 header, and update SA (ttl, state, anti-replay window...)

thanks.




|---------+---------------------------->
|         |           Michael          |
|         |           Richardson       |
|         |           <mcr at xelerance.co|
|         |           m>               |
|         |           Sent by:         |
|         |           mcr at sandelman.ott|
|         |           awa.on.ca        |
|         |                            |
|         |                            |
|         |           08/06/2006 05:22 |
|         |                            |
|---------+---------------------------->
  >------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                              |
  |       To:       remy.gauguey at mindspeed.com                                                                                   |
  |       cc:       dev at openswan.org                                                                                             |
  |       Subject:  Re: [Openswan dev] IPsec HW Offload Engine support                                                           |
  >------------------------------------------------------------------------------------------------------------------------------|




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "remy" == remy gauguey <remy.gauguey at mindspeed.com> writes:
    remy> Hello,

    remy> I'm currently working on a CPE SoC based on ARM11 with an
    remy> IPSec offload engine.  This engine performs crypto operations
    remy> (cipher + digest) but also ESP/AH protocols offload (ESP/AH
    remy> header and trailer insertion, IPv4 (only) header
    remy> modification...).  This engine manages SA database, with TTL

  Expect some work to show up soon that does ESP/AH protocol offload.

    remy> but I would like to know how feasible would it be to integrate
    remy> such a IPSec Offload Engine into OpenSwan KLIPS architecture.
    remy> It sounds like to me the IPsecX interface would allow to do
    remy> this easier than on 26sec...

  Yes, I thikn so.

  Is your engine look-aside or inline?

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |
firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net
architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device
driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security
guy"); [

    "The Microsoft _Get the Facts CD_ does not work on Linux." - orospakr

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBRIeX54CLcPvd0N1lAQJCzAf+MDh+ZvKaUSOI3VVbob8/1sxwKVAxgSb8
H9zjuKLaKXNsvPrNvNGu7/aanSdvMZP89rh7ZU7BJuACm9Wd6aLgxzJMZH0lpfhc
OHnzRYGjew6qSyevK5UkRWb2q493tWBjQczJ6xp6myltElapjJ4aGBxw3tFbVkAp
e6NRSXY6qLFCSFJoMyKKMt5oyEN8NmYeRaTxFbv/kKzcGw1f9ja5c2onGHgoyvpc
HjtBuCLbgBZMlBDxN9y48cPo1rE/MIYBWjNIT4PWLRPTDPKd8jmvWfKhI9rRIF21
A9M0tDRG4HWv+UOq8y9zbcYm4xry3mU2pUjYXC47+j5bqN4pP1bt2g==
=VGDc
-----END PGP SIGNATURE-----

More information about the Dev mailing list