[Openswan dev] IPsec HW Offload Engine support

David McCullough david_mccullough at au.securecomputing.com
Wed May 31 21:56:52 CEST 2006

Jivin remy.gauguey at mindspeed.com lays it down ...
> Hello,
> I'm currently working on a CPE SoC based on ARM11 with an IPSec offload 
> engine.
> This engine performs crypto operations (cipher + digest) but also ESP/AH 
> protocols offload (ESP/AH header and trailer insertion, IPv4 (only) header 
> modification...).
> This engine manages SA database, with TTL and anti-replay checks.
> I'm currently working on the integration of this HW accelerator into the 
> 26sec (based on a patch written for 3Com crypto NICs : 
> http://oss.sgi.com/archives/netdev/2005-01/msg00360.html ), but I would 
> like to know how feasible would it be to integrate such a IPSec Offload 
> Engine into OpenSwan KLIPS architecture.
> It sounds like to me the IPsecX interface would allow to do this easier 
> than on 26sec...
> Any ideas or comments are welcome

Have a look at:


There is also a publicly available GIT tree for 2.6 with Openswan and
OCF fully integrated.


It should be really easy to add an OCF driver for the cipher/digest
portions,  from there the state machine is already close to what will be
needed for ful packet processing and is something that is being worked


David McCullough,  david_mccullough at securecomputing.com,   Ph:+61 734352815
Secure Computing - SnapGear  http://www.uCdot.org http://www.cyberguard.com

More information about the Dev mailing list