lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20171219161853.GE6122@localhost.localdomain>
Date:   Tue, 19 Dec 2017 14:18:53 -0200
From:   Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To:     Ilya Lesokhin <ilyal@...lanox.com>
Cc:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "davejwatson@...com" <davejwatson@...com>,
        "tom@...bertland.com" <tom@...bertland.com>,
        "hannes@...essinduktion.org" <hannes@...essinduktion.org>,
        Boris Pismenny <borisp@...lanox.com>,
        Aviad Yehezkel <aviadye@...lanox.com>,
        Liran Liss <liranl@...lanox.com>
Subject: Re: [PATCH v3 net-next 6/6] tls: Add generic NIC offload
 infrastructure.

On Tue, Dec 19, 2017 at 03:38:16PM +0000, Ilya Lesokhin wrote:
> Tuesday, December 19, 2017 5:12 PM, Marcelo Ricardo Leitner wrote:
> 
> > > I'm not quite sure what you mean by "no net_device's are registered"
> > > Presumably you mean there is no device that implements the
> > > NETIF_F_HW_TLS_TX capability yet.
> > 
> > Not really. Let me try again. This patchset is using the expression "tls_device".
> > When I read that, I expect a new interface type, like a tunnel, that would be
> > created on top of another interface that has the offloading capability. That's
> > why I'm confused. IMHO "tls_offload" is a better fit. Makes sense?
> > 
> 
> We don't expose a new interface. An existing netdev does the offload.
> 
> The xfrm layer also calls the offload layer xfrm_device and It also doesn't need to
> add another interface to offload ipsec to a netdev.

Hm right, there is xfrm_dev_init() and others, but there is also
XFRM_OFFLOAD as the config define and not XFRM_DEVICE.

> 
> I thought about calling it tls_hw or tls_hw_offload.
> The problem is that the important distinction here is that the 
> offload is done by a netdev.
> tls_sw can also use hw offload if you have the required 
> memory to memory crypto engine and crypto_alloc_aead("gcm(aes)", 0, 0); 
> decides on using it.

Now I can see the confusion in both ways, thanks.
And now I don't have a preference either.

  Marcelo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ