| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 May 2019 11:13:47 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Jakub Kicinski <jakub.kicinski@...ronome.com>
Cc: Boris Pismenny <borisp@...lanox.com>,
"davem@...emloft.net" <davem@...emloft.net>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"oss-drivers@...ronome.com" <oss-drivers@...ronome.com>,
"davejwatson@...com" <davejwatson@...com>,
"john.fastabend@...il.com" <john.fastabend@...il.com>,
"vakul.garg@....com" <vakul.garg@....com>,
Alexei Starovoitov <ast@...nel.org>,
Tariq Toukan <tariqt@...lanox.com>
Subject: Re: [PATCH net 3/3] Documentation: add TLS offload documentation
On Thu, May 16, 2019 at 10:57 AM Jakub Kicinski
<jakub.kicinski@...ronome.com> wrote:
>
> The preferred method of reporting the Layer 4 (TCP) checksum offload
> for packets decrypted by the device is to update the checksum field
> to the correct value for clear text and report CHECKSUM_UNNECESSARY
> or CHECKSUM_COMPLETE computed over clear text. However, the exact
> semantics of RX checksum offload when NIC performs data modification
> are not clear and subject to change.
when host is consuming the tcp stream I don't see the value of
tcp checksum on top tls.
In that sense CHECKSUM_UNNECESSARY is fine and no
need to update checksum field.
Even in case of sockmap and tcp stream redirect it is still fine.
Only the tcp payload being redirected to a different tcp socket
and the headers are gone.
So imo in all cases CHECKSUM_UNNECESSARY is fine
even without adjustment to checksum field.
Obviously the hw/firmware should have checked tcp csum before doing decrypt.
Powered by blists - more mailing lists