Re: IPSec ESP Authenc Offload

On Wed, May 28, 2008 at 04:02:11PM -0700, Loc Ho wrote:
> 
> It doesn't help if it is generated by software. The driver still needs a
> context SA for each operation. In addition, the driver will have to
> increment seq (or load from request) and load SEQ and IV into each
> context SA. It is much cleaner if our driver knows the whole header
> length. Even if the hardware rewrites the SPI and SEQ again, it is all
> handled by hardware offload and will not be a problem for IPSEC ESP.

I'm happy to add support for ESP offload.  However, I don't think
we should add it onto the AEAD interface.  We should instead create
an ESP interface that specifically does this.

I still think that you can use the existing interface though and
just throw away the ESP work since that's trivial anyway.  Having
a context SA is not a problem since each tfm corresponds to a single
SA and you can just store the context in its context area.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt