Open Ramonnnnn opened 6 years ago
Ramonnnnn notifications@github.com wrote:
Hi, We're working on hardware acceleration just for the encryption part. We will need Openswan to start with the IKE protocol, and get the negotiated SA from that stage. Does anyone know how can i interface with Openswans IKE daemon? Are there any hooks or something like that?
Yes, there are many different hooks. If you are living on top a Linux kernel, then you can hook into the kernel at appropriate places by writing kernel level drivers for your hardware.
If you are living on top something else, then you write a new kernel_something.c You'll have to read the source code.
-- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
On Tue, 19 Jun 2018, Ramonnnnn wrote:
We're working on hardware acceleration just for the encryption part. We will need Openswan to start with the IKE protocol, and get the negotiated SA from that stage. Does anyone know how can i interface with Openswans IKE daemon? Are there any hooks or something like that?
Your hardware should use CONFIG_XFRM_OFFLOAD. Anything else is just madness or obsoleted.
libreswan and strongswan support this already. It shouldn't be more then like 2 hours of work to port it to openswan.
Paul
Thank you for your answer.
Do you think there is a hook to offload not only the encryption\decryption, but also the add the ESP header itself by the hardware?
thanks again.
Yotam Ramon
Ethernity
From: Michael Richardson notifications@github.com Sent: Tuesday, June 19, 2018 3:06:14 PM To: xelerance/Openswan Cc: Yotam Ramon; Author Subject: Re: [xelerance/Openswan] Ipsec hardware acceleration (#308)
Ramonnnnn notifications@github.com wrote:
Hi, We're working on hardware acceleration just for the encryption part. We will need Openswan to start with the IKE protocol, and get the negotiated SA from that stage. Does anyone know how can i interface with Openswans IKE daemon? Are there any hooks or something like that?
Yes, there are many different hooks. If you are living on top a Linux kernel, then you can hook into the kernel at appropriate places by writing kernel level drivers for your hardware.
If you are living on top something else, then you write a new kernel_something.c You'll have to read the source code.
-- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/xelerance/Openswan/issues/308#issuecomment-398375497, or mute the threadhttps://github.com/notifications/unsubscribe-auth/Amg1ezqnptyw-IZSY2MU1spNfBYe-SYKks5t-Ok1gaJpZM4UtCps.
Hi, We're working on hardware acceleration just for the encryption part. We will need Openswan to start with the IKE protocol, and get the negotiated SA from that stage. Does anyone know how can i interface with Openswans IKE daemon? Are there any hooks or something like that?
thanks you, Ramon