[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170614221738.GC72301@davejwatson-mba.dhcp.thefacebook.com>
Date: Wed, 14 Jun 2017 15:17:38 -0700
From: Dave Watson <davejwatson@...com>
To: Tom Herbert <tom@...bertland.com>
CC: Ilya Lesokhin <ilyal@...lanox.com>,
Aviad Yehezkel <aviadye@...lanox.com>,
Boris Pismenny <borisp@...lanox.com>,
Liran Liss <liranl@...lanox.com>,
Matan Barak <matanb@...lanox.com>,
David Miller <davem@...emloft.net>,
Linux Kernel Network Developers <netdev@...r.kernel.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Hannes Frederic Sowa <hannes@...essinduktion.org>,
Eric Dumazet <eric.dumazet@...il.com>,
Alexei Starovoitov <alexei.starovoitov@...il.com>,
<nmav@...tls.org>,
FridolĂn PokornĂ˝ <fridolin.pokorny@...il.com>
Subject: Re: [PATCH v3 net-next 0/4] kernel TLS
On 06/14/17 01:54 PM, Tom Herbert wrote:
> On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson <davejwatson@...com> wrote:
> > This series adds support for kernel TLS encryption over TCP sockets.
> > A standard TCP socket is converted to a TLS socket using a setsockopt.
> > Only symmetric crypto is done in the kernel, as well as TLS record
> > framing. The handshake remains in userspace, and the negotiated
> > cipher keys/iv are provided to the TCP socket.
> >
> I don't see support for TLS receive path in the kernel, only the send
> path. Am I missing something?
Correct, this is only TX. Since it sounds likely some hardware might
only be able to offload TX, we decided to configure TX and RX
separately. Using the OpenSSL patches, it should be transparent to
users even if only one side is offloaded.
The software RX patches exist but haven't been polished up yet.
Powered by blists - more mailing lists