| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Dec 2017 15:38:16 +0000
From: Ilya Lesokhin <ilyal@...lanox.com>
To: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"davem@...emloft.net" <davem@...emloft.net>,
"davejwatson@...com" <davejwatson@...com>,
"tom@...bertland.com" <tom@...bertland.com>,
"hannes@...essinduktion.org" <hannes@...essinduktion.org>,
Boris Pismenny <borisp@...lanox.com>,
"Aviad Yehezkel" <aviadye@...lanox.com>,
Liran Liss <liranl@...lanox.com>
Subject: RE: [PATCH v3 net-next 6/6] tls: Add generic NIC offload
infrastructure.
Tuesday, December 19, 2017 5:12 PM, Marcelo Ricardo Leitner wrote:
> > I'm not quite sure what you mean by "no net_device's are registered"
> > Presumably you mean there is no device that implements the
> > NETIF_F_HW_TLS_TX capability yet.
>
> Not really. Let me try again. This patchset is using the expression "tls_device".
> When I read that, I expect a new interface type, like a tunnel, that would be
> created on top of another interface that has the offloading capability. That's
> why I'm confused. IMHO "tls_offload" is a better fit. Makes sense?
>
We don't expose a new interface. An existing netdev does the offload.
The xfrm layer also calls the offload layer xfrm_device and It also doesn't need to
add another interface to offload ipsec to a netdev.
I thought about calling it tls_hw or tls_hw_offload.
The problem is that the important distinction here is that the
offload is done by a netdev.
tls_sw can also use hw offload if you have the required
memory to memory crypto engine and crypto_alloc_aead("gcm(aes)", 0, 0);
decides on using it.
Powered by blists - more mailing lists