| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Jun 2022 09:39:51 +0300 From: Maxim Mikityanskiy <maximmi@...dia.com> To: Jakub Kicinski <kuba@...nel.org>, davem@...emloft.net Cc: netdev@...r.kernel.org, corbet@....net, linux-doc@...r.kernel.org Subject: Re: [PATCH net] docs: tls: document the TLS_TX_ZEROCOPY_RO On 2022-06-10 21:02, Jakub Kicinski wrote: > Add missing documentation for the TLS_TX_ZEROCOPY_RO opt-in. > > Signed-off-by: Jakub Kicinski <kuba@...nel.org> > --- > CC: corbet@....net > CC: linux-doc@...r.kernel.org > --- > Documentation/networking/tls.rst | 25 +++++++++++++++++++++++++ > 1 file changed, 25 insertions(+) > > diff --git a/Documentation/networking/tls.rst b/Documentation/networking/tls.rst > index 8cb2cd4e2a80..be8e10c14b05 100644 > --- a/Documentation/networking/tls.rst > +++ b/Documentation/networking/tls.rst > @@ -214,6 +214,31 @@ of calling send directly after a handshake using gnutls. > Since it doesn't implement a full record layer, control > messages are not supported. > > +Optional optimizations > +---------------------- > + > +There are certain condition-specific optimizations the TLS ULP can make, > +if requested. Those optimizations are either not universally beneficial > +or may impact correctness, hence they require an opt-in. > +All options are set per-socket using setsockopt(), and their > +state can be checked using getsockopt() and via socket diag (``ss``). > + > +TLS_TX_ZEROCOPY_RO > +~~~~~~~~~~~~~~~~~~ > + > +For device offload only. Allow sendfile() data to be transmitted directly > +to the NIC without making an in-kernel copy. This allows true zero-copy > +behavior when device offload is enabled. > + > +The application must make sure that the data is not modified between being > +submitted and transmission completing. In other words this is mostly > +applicable if the data sent on a socket via sendfile() is read-only. > + > +Modifying the data may result in different versions of the data being used > +for the original TCP transmission and TCP retransmissions. To the receiver > +this will look like TLS records had been tampered with and will result > +in record authentication failures. > + > Statistics > ========== > Acked-by: Maxim Mikityanskiy <maximmi@...dia.com>
Powered by blists - more mailing lists