[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e538c2bc-b8b5-c5d9-05a3-a385d2c809e4@mellanox.com>
Date: Tue, 14 Jul 2020 10:31:25 +0300
From: Boris Pismenny <borisp@...lanox.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: David Miller <davem@...emloft.net>, john.fastabend@...il.com,
daniel@...earbox.net, tariqt@...lanox.com, netdev@...r.kernel.org
Subject: Re: [PATCH] tls: add zerocopy device sendpage
On 14/07/2020 1:59, Jakub Kicinski wrote:
> On Tue, 14 Jul 2020 01:15:26 +0300 Boris Pismenny wrote:
>> On 13/07/2020 22:05, David Miller wrote:
>>> The TLS signatures are supposed to be even stronger than the protocol
>>> checksum, and therefore we should send out valid ones rather than
>>> incorrect ones.
>> Right, but one is on packet payload, while the other is part of the payload.
>>
>>> Why can't the device generate the correct TLS signature when
>>> offloading? Just like for the protocol checksum, the device should
>>> load the payload into the device over DMA and make it's calculations
>>> on that copy.
>> Right. The problematic case is when some part of the record is already
>> received by the other party, and then some (modified) data including
>> the TLS authentication tag is re-transmitted.
>> The modified tag is calculated over the new data, while the other party
>> will use the already received old data, resulting in authentication error.
>>
>>> For SW kTLS, we must copy. Potentially sending out garbage signatures
>>> in a packet cannot be an "option".
>> Obviously, SW kTLS must encrypt the data into a different kernel buffer,
>> which is the same as copying for that matter. TLS_DEVICE doesn't require this.
> This proposal is one big attrition of requirements, which I personally
> dislike quite a bit. Nothing material has changed since the first
> version of the code was upstreamed, let's ask ourselves - why was the
> knob not part of the initial submission?
I'm really not convinced that the copy requirement is needed.
At the time, Dave objected when we presented this on the netdev conference,
and we didn't want to delay the entire series just to argue this point. It's
all a matter of timing and priorities. Now we have an ASIC that uses this API,
and I'd like to show the best possible outcome, and not the best possible given
an arbitrary limitation that avoids an error where the user does something
erroneous.
Powered by blists - more mailing lists