Dean Jenkins <djenkins@xxxxxxxxxx> wrote: > > Is there a mechanism to allow a hardware crypto driver to be unloaded and the > IPsec session to fallback to using software based crypto drivers ? Fail-over should be implemented within the driver. Please look at drivers/crypto/padlock-sha.c for an example for how to use a software fallback implementation. > Conversely, is there a mechanism to dynamically upgrade from using software > based crypto to hardware based crypto without killing the IPsec tunnel ? Note that IPsec tunnel != IPsec SA. During the life-time of a tunnel many SAs could be used. It's trivial to change drivers without killing the tunnel by changing SAs. Of course, changing implementations without replacing the SA is impossible, unless you start out with the hardware implementation registered but only use the software fallback. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
