| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Nov 2020 16:02:39 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Tariq Toukan <tariqt@...dia.com>
Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
Saeed Mahameed <saeedm@...dia.com>,
Moshe Shemesh <moshe@...dia.com>,
Tariq Toukan <ttoukan.linux@...il.com>
Subject: Re: [PATCH net-next 0/2] TLS TX HW offload for Bond
On Sun, 15 Nov 2020 15:42:49 +0200 Tariq Toukan wrote:
> This series opens TLS TX HW offload for bond interfaces.
> This allows bond interfaces to benefit from capable slave devices.
>
> The first patch adds real_dev field in TLS context structure, and aligns
> usages in TLS module and supporting drivers.
> The second patch opens the offload for bond interfaces.
>
> For the configuration above, SW kTLS keeps picking the same slave
> To keep simple track of the HW and SW TLS contexts, we bind each socket to
> a specific slave for the socket's whole lifetime. This is logically valid
> (and similar to the SW kTLS behavior) in the following bond configuration,
> so we restrict the offload support to it:
>
> ((mode == balance-xor) or (mode == 802.3ad))
> and xmit_hash_policy == layer3+4.
This does not feel extremely clean, maybe you can convince me otherwise.
Can we extend netdev_get_xmit_slave() and figure out the output dev
(and if it's "stable") in a more generic way? And just feed that dev
into TLS handling? All non-crypto upper SW devs should be safe to cross
with .decrypted = 1 skbs, right?
Powered by blists - more mailing lists