[Openswan Users] IPSEC - Does `ping` involve any hashing activity?

Paul Wouters paul at xelerance.com
Sat Oct 27 13:15:39 EDT 2007


On Sat, 27 Oct 2007, KokHow.Teh at infineon.com wrote:

> 	Greetings. I use openswan-2.4.9 to test my hardware
> cryptographic drivers. Here is the /etc/ipsec.conf:

So you are using snapgear's OCF patch?

>   ike=aes-md5
>   esp=aes-md5
>
> 	I configured the cryptographic hardware with AES and MD5
> priorities to be at 400 and 300 respectively and put some debug messages
> into the driver codes. While I could see the debug printouts of AES
> encrypt/decrypt showing that AES is in operation and the hardware
> cryptographic is used, I don't see any debug printout of hardware MD5 at
> all. My question is if `ping` involves any hashing operation at all?

If you configure esp=aes-md5 it should.
Openswan-3.x.x with OCF support, as far as I know, does not try to hardware
offload IKE, as the speed gains for that were minimal or non-existent, so
having ike= with md5 wouldn't make a difference. I am not sure about
snapgear's OCF patch to openswan 2.4.9 and what it supports or not. David
will probably be able to answer that.

Paul
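
An added illustration, not part of the original post and not Openswan or OCF code: with esp=aes-md5, every ESP packet, including one carrying an ICMP echo, ends in an HMAC-MD5-96 integrity check value (ICV) computed over the SPI, sequence number, IV and ciphertext. The key, SPI, IV and ciphertext below are constructed sample values, and the AES step is not performed; the ciphertext bytes stand in for an encrypted ping.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-MD5-96: 16-byte HMAC-MD5 output truncated to 96 bits
IV_LEN = 16    # AES-CBC IV carried at the start of the ESP payload

def esp_icv(auth_key: bytes, authenticated: bytes) -> bytes:
    """Truncated HMAC-MD5 over SPI, sequence number, IV and ciphertext."""
    return hmac.new(auth_key, authenticated, hashlib.md5).digest()[:ICV_LEN]

def build_esp(auth_key, spi, seq, iv, ciphertext) -> bytes:
    """Assemble SPI | seq | IV | ciphertext | ICV for one outbound packet."""
    body = struct.pack("!II", spi, seq) + iv + ciphertext
    return body + esp_icv(auth_key, body)

def verify_esp(auth_key, packet) -> bool:
    """Receiver side: recompute the ICV before any decryption is attempted."""
    if len(packet) < 8 + IV_LEN + ICV_LEN:
        return False
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(icv, esp_icv(auth_key, body))

# Constructed sample values (assumptions, not taken from the post).
AUTH_KEY = bytes(range(16))
SPI = 0x00001000
IV = bytes([0xA5]) * IV_LEN
# Stand-in for the AES-CBC output of one ICMP echo request plus ESP trailer.
CIPHERTEXT = bytes((7 * i) % 256 for i in range(64))

def demo():
    """Two consecutive pings on one SA: each gets its own ICV."""
    results = []
    for seq in (1, 2):
        pkt = build_esp(AUTH_KEY, SPI, seq, IV, CIPHERTEXT)
        # Flip one ciphertext bit to show the receiver rejects the packet.
        tampered = pkt[:30] + bytes([pkt[30] ^ 0x01]) + pkt[31:]
        results.append((seq, pkt[-ICV_LEN:].hex(),
                        verify_esp(AUTH_KEY, pkt),
                        verify_esp(AUTH_KEY, tampered)))
    return results

if __name__ == "__main__":
    for seq, icv, ok, bad in demo():
        print(f"seq={seq} icv={icv} valid={ok} tampered_valid={bad}")
```

Because the sequence number is part of the authenticated data, two otherwise identical pings produce different ICVs, so one MD5 HMAC operation is expected per packet in each direction.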

