[strongSwan] ESP through External FPGA
martin at strongswan.org
Wed May 4 10:17:35 CEST 2011
> I am considering using OCF-Linux to handle the communication with FPGA
> through its protocol. Is this the right way of doing it (creating the
> OCF driver that will call this protocol in order to communicate with
> FPGA) or is there a better way of doing it.
strongSwan just configure the kernel for ESP, and it will use any crypto
devices available. Accelerating crypto in userland is another story, but
in most cases not really important, as IKE usually does not produce a
lot of traffic.
strongSwan prefers the native Linux IPsec implementation called Netkey.
We have basic support for the KLIPS interface too, but it is not as
complete as the Netkey interface is.
Netkey in turn uses the Linux Crypto API, not OCF. I'd consider writing
the driver for the Linux Crypto API, as you're closer to mainline. OCF
works better with KLIPS, but support from strongSwan is limited with it.
More information about the Users