On Mon, Sep 05, 2005 at 12:38:33PM +1000, Herbert Xu ([EMAIL PROTECTED]) wrote: > Ronen Shitrit <[EMAIL PROTECTED]> wrote: > > > > I think, Correct me if I'm wrong, > > What you described below, is 1 session with few operations (using the > > routing feature of the acrypto), but once the session/set of operations > > are done, then the session is closed. > > I see. You want the session to last through the lifetime of an IPsec > SA, right? > > Well the good news is that the Async Crypto API that I'm working on > will do exactly that. The session is identified with the existing > crypto_tfm object which is tied to each IPsec SA (for IPsec that is).
I was confused by your terminology :) Crypto session in acrypto is only structure, which contains src/dst/operation and some other parameters needed to properly process data. Each crypto layer does have it - OCF has crypto request, sync crypto has all that data as function parameters. Acrypto does not require additional "main" crypto session under which all crypto operations are performed, like crypto session in OCF or TFM in sync crypto, in this regard acrypto is fully asynchronous since each crypto request can belong to any crypto device, can be moved between them and so on, like OCF allows too, it just does not require some controlling stuff on top of it due to stack design. According to one session per SA. Sync crypto already has it - it stores all it's data in TFM or provide it as function parameters, when such approach is going to be used for some advanced management like fallback from device to device or request batching, it will require some control structure on top of it, and it _is_ OCF's crypto request and acrypto's crypto session. But as far as I recall we did not agree on sync stack usage on asynchronous processing :) > Cheers, > -- > Visit Openswan at http://www.openswan.org/ > Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt > _______________________________________________ > > Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi > List archive: http://lists.logix.cz/pipermail/cryptoapi -- Evgeniy Polyakov - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
