From: Herbert Xu <herbert@gondor.apana.org.au>
Subject: Re: IPSec ESP Authenc Offload
Date: Thu, 29 May 2008 17:01:30 +1000
Message-ID: <20080529070130.GC18007@gondor.apana.org.au>
References: <alpine.LFD.1.10.0805250731530.23219@localhost.localdomain> <20080526112058.GA16525@gondor.apana.org.au> <0CA0A16855646F4FA96D25A158E299D604814C4A@SDCEXCHANGE01.ad.amcc.com> <20080528063434.GA1173@gondor.apana.org.au> <0CA0A16855646F4FA96D25A158E299D604814F16@SDCEXCHANGE01.ad.amcc.com> <20080528222246.GA7798@gondor.apana.org.au> <0CA0A16855646F4FA96D25A158E299D604815113@SDCEXCHANGE01.ad.amcc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: linux-crypto@vger.kernel.org
To: Loc Ho <lho@amcc.com>
Content-Disposition: inline
In-Reply-To: <0CA0A16855646F4FA96D25A158E299D604815113@SDCEXCHANGE01.ad.amcc.com>
Sender: linux-crypto-owner@vger.kernel.org

On Wed, May 28, 2008 at 04:02:11PM -0700, Loc Ho wrote:
> 
> It doesn't help if it is generated by software. The driver still needs a
> context SA for each operation. In addition, the driver will have to
> increment seq (or load from request) and load SEQ and IV into each
> context SA. It is much cleaner if our driver knows the whole header
> length. Even if the hardware rewrites the SPI and SEQ again, it is all
> handled by hardware offload and will not be a problem for IPSEC ESP.

I'm happy to add support for ESP offload.  However, I don't think
we should add it onto the AEAD interface.  We should instead create
an ESP interface that specifically does this.

I still think that you can use the existing interface though and
just throw away the ESP work since that's trivial anyway.  Having
a context SA is not a problem since each tfm corresponds to a single
SA and you can just store the context in its context area.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt