lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 4 Jun 2017 07:51:24 +0000
From:   Ilan Tayari <ilant@...lanox.com>
To:     Jason Gunthorpe <jgunthorpe@...idianresearch.com>
CC:     Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Saeed Mahameed <saeedm@....mellanox.co.il>,
        "David S. Miller" <davem@...emloft.net>,
        "Doug Ledford" <dledford@...hat.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
        "jsorensen@...com" <jsorensen@...com>,
        "Andy Shevchenko" <andy.shevchenko@...il.com>,
        "linux-fpga@...r.kernel.org" <linux-fpga@...r.kernel.org>,
        Alan Tull <atull@...nsource.altera.com>,
        "yi1.li@...ux.intel.com" <yi1.li@...ux.intel.com>,
        Boris Pismenny <borisp@...lanox.com>
Subject: RE: [for-next 4/6] net/mlx5: FPGA, Add basic support for Innova

> -----Original Message-----
> From: Jason Gunthorpe [mailto:jgunthorpe@...idianresearch.com]
> Subject: Re: [for-next 4/6] net/mlx5: FPGA, Add basic support for Innova
> 
> On Mon, May 29, 2017 at 04:09:06PM +0000, Ilan Tayari wrote:
> 
> > > For IPSec, this is already in the kernel.
> > > See this patchset:
> > > http://www.mail-archive.com/netdev@vger.kernel.org/msg162876.html
> >
> > Sorry, I pointed at the RFC by mistake.
> >
> > This is the relevant pull request:
> > https://patchwork.ozlabs.org/patch/752707/
> 
> This is connecting ipsec to a netdev, while Innova seems to be a

Jason,

"network connected ipsec accelerator configured using IP packets."
No. This is incorrect.
Where did you get that from?

It is an IPSec-capable NIC.
See here for details:
http://www.mellanox.com/page/products_dyn?product_family=249&mtag=programmable_network_adapters

The driver we are intending to submit for it, interfaces with the mentioned API in the pull-request (Netdev xdo callbacks)

So you configure it from userspace with regular IPSec 'ip xfrm state' commands or over netlink with your favorite IKE daemon.

> 
> Those two things don't seem to be the same.
> 
> Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ