[Openswan dev] IPsec HW Offload Engine support
David McCullough
david_mccullough at au.securecomputing.com
Wed May 31 21:56:52 CEST 2006
Jivin remy.gauguey at mindspeed.com lays it down ...
> Hello,
>
> I'm currently working on a CPE SoC based on ARM11 with an IPSec offload
> engine.
> This engine performs crypto operations (cipher + digest) but also ESP/AH
> protocols offload (ESP/AH header and trailer insertion, IPv4 (only) header
> modification...).
> This engine manages SA database, with TTL and anti-replay checks.
> I'm currently working on the integration of this HW accelerator into the
> 26sec (based on a patch written for 3Com crypto NICs :
> http://oss.sgi.com/archives/netdev/2005-01/msg00360.html ), but I would
> like to know how feasible would it be to integrate such a IPSec Offload
> Engine into OpenSwan KLIPS architecture.
> It sounds like to me the IPsecX interface would allow to do this easier
> than on 26sec...
>
> Any ideas or comments are welcome
Have a look at:
http://ocf-linux.sourceforge.net/
There is also a publicly available GIT tree for 2.6 with Openswan and
OCF fully integrated.
http://git.openswan.org/public/scm/klips.git#ocf_v2.6.16
It should be really easy to add an OCF driver for the cipher/digest
portions, from there the state machine is already close to what will be
needed for ful packet processing and is something that is being worked
on/discussed.
Cheers,
Davidm
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
More information about the Dev
mailing list