xelerance / Openswan


Ipsec hardware acceleration #308

Open Ramonnnnn opened 6 years ago

Ramonnnnn commented 6 years ago

Hi, we're working on hardware acceleration just for the encryption part. We will need Openswan to start with the IKE protocol, and get the negotiated SA from that stage. Does anyone know how I can interface with Openswan's IKE daemon? Are there any hooks or something like that?

Thank you, Ramon

mcr commented 6 years ago

Ramonnnnn notifications@github.com wrote:

> Hi, we're working on hardware acceleration just for the encryption part. We will need Openswan to start with the IKE protocol, and get the negotiated SA from that stage. Does anyone know how I can interface with Openswan's IKE daemon? Are there any hooks or something like that?

Yes, there are many different hooks. If you are living on top of a Linux kernel, then you can hook into the kernel at appropriate places by writing kernel-level drivers for your hardware.

If you are living on top of something else, then you write a new kernel_something.c. You'll have to read the source code.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [

letoams commented 6 years ago

On Tue, 19 Jun 2018, Ramonnnnn wrote:

> We're working on hardware acceleration just for the encryption part. We will need Openswan to start with the IKE protocol, and get the negotiated SA from that stage. Does anyone know how I can interface with Openswan's IKE daemon? Are there any hooks or something like that?

Your hardware should use CONFIG_XFRM_OFFLOAD. Anything else is just madness or obsoleted.

libreswan and strongswan support this already. It shouldn't be more than like 2 hours of work to port it to openswan.

Paul

Ramonnnnn commented 6 years ago

Thank you for your answer.

Do you think there is a hook to offload not only the encryption/decryption, but also the addition of the ESP header itself by the hardware?

Thanks again.

Yotam Ramon

Ethernity

