Dean Jenkins <[EMAIL PROTECTED]> wrote:
> 
> Is there a mechanism to allow a hardware crypto driver to be unloaded and the 
> IPsec session to fallback to using software based crypto drivers ?

Fail-over should be implemented within the driver.  Please look
at drivers/crypto/padlock-sha.c for an example for how to use a
software fallback implementation.

> Conversely, is there a mechanism to dynamically upgrade from using software 
> based crypto to hardware based crypto without killing the IPsec tunnel ?

Note that IPsec tunnel != IPsec SA.  During the life-time of a
tunnel many SAs could be used.  It's trivial to change drivers
without killing the tunnel by changing SAs.  Of course, changing
implementations without replacing the SA is impossible, unless
you start out with the hardware implementation registered but
only use the software fallback.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to