Date:      Tue, 11 Jul 2000 12:53:23 +0400 (MSD)
From:      Andrey Sverdlichenko <blaze@infosec.ru>
To:        freebsd-security@freebsd.org
Subject:   Re: Hardware crypto (Re: KAME stable 20000704)
Message-ID:  <Pine.BSF.4.21.0007111252570.33004-100000@blaze>

On Mon, 10 Jul 2000, Jun-ichiro itojun Hagino wrote:

> 	In case anyone got confused: please note that "IPsec support for
> 	crypto card" and "crypto card support as user-mode device file"
> 	are totally different things.  Former one needs MAJOR work in
> 	network IP layer design (BSD IP layer runs under software interrupt,
> 	killing possibility for offloading CPU).  OpenBSD did a truly
> 	super job on this.

Hmmm... I don't know about KAME/IPSEC, but in our cryptorouter I made it
in an easy way:

1) in software interrupt context the packet goes to a "crypto task queue"
2) a kernel process gets the packet from this queue and passes it to the
encryption/decryption functions (currently software, but I see nothing
special in hardware support)
3) after processing, the packet is injected back to ip_input()/ip_output().
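
The three steps above, as an added user-space sketch that is not part of the original message and is not the poster's router code. The `cryptoq_*` names, the `crypto_done` flag that stops a re-injected packet from being queued again, the drop-on-full policy and the XOR placeholder transform are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define QLEN 4      /* bounded on purpose: a full queue drops, never blocks */
#define PKT_MAX 64

struct pkt {
    uint8_t data[PKT_MAX];
    size_t  len;
    int     crypto_done;  /* assumed flag: set once the worker has processed it */
};
struct cryptoq { struct pkt slot[QLEN]; unsigned head, tail, count, drops; };

/* Step 1, software-interrupt side: queue the packet and return at once.
 * 0 = queued, 1 = already processed (pass through), -1 = dropped. */
int cryptoq_enqueue(struct cryptoq *q, const struct pkt *p)
{
    if (p->crypto_done) return 1;      /* re-injected packet: do not loop */
    if (p->len > PKT_MAX || q->count == QLEN) { q->drops++; return -1; }
    q->slot[q->tail] = *p;
    q->tail = (q->tail + 1) % QLEN;
    q->count++;
    return 0;
}

/* Placeholder transform, NOT a cipher: stands in for the software (or
 * hardware) encryption/decryption routine. */
static void placeholder_transform(struct pkt *p)
{
    for (size_t i = 0; i < p->len; i++) p->data[i] ^= 0x5a;
}

/* Records what was re-injected; stands in for ip_input()/ip_output(). */
static struct pkt last_out; static int out_count;
void record_reinject(const struct pkt *p) { last_out = *p; out_count++; }

/* Steps 2 and 3, worker side: drain, transform, re-inject. A real kernel
 * must also lock the queue against the interrupt side; omitted here. */
int cryptoq_drain(struct cryptoq *q, void (*reinject)(const struct pkt *))
{
    int n = 0;
    for (; q->count > 0; q->count--, n++) {
        struct pkt *p = &q->slot[q->head];
        placeholder_transform(p);
        p->crypto_done = 1;
        reinject(p);
        q->head = (q->head + 1) % QLEN;
    }
    return n;
}
```

The bounded queue matters because the enqueue side runs at interrupt level: when the worker falls behind, packets are counted and dropped instead of growing kernel memory without limit.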



