lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 25 Oct 2022 19:57:00 -0700
From:   Jakub Kicinski <>
To:     Tariq Toukan <>
Cc:     "David S. Miller" <>,
        Eric Dumazet <>,
        Paolo Abeni <>,
        Boris Pismenny <>,
        John Fastabend <>,
        <>, Saeed Mahameed <>,
        Gal Pressman <>,
        Jay Vosburgh <>,
        Veaceslav Falico <>,
        Andy Gospodarek <>
Subject: Re: [PATCH net-next] bond: Disable TLS features indication

On Tue, 25 Oct 2022 13:53:00 +0300 Tariq Toukan wrote:
> Bond agnostically interacts with TLS device-offload requests via the
> .ndo_sk_get_lower_dev operation. Return value is true iff bond
> guarantees fixed mapping between the TLS connection and a lower netdev.
> Due to this nature, the bond TLS device offload features are not
> explicitly controllable in the bond layer. As of today, these are
> read-only values based on the evaluation of bond_sk_check().  However,
> this indication might be incorrect and misleading, when the feature bits
> are "fixed" by some dependency features.  For example,
> NETIF_F_HW_TLS_TX/RX are forcefully cleared in case the corresponding
> checksum offload is disabled. But in fact the bond ability to still
> offload TLS connections to the lower device is not hurt.
> This means that these bits can not be trusted, and hence better become
> unused.
> This patch revives some old discussion [1] and proposes a much simpler
> solution: Clear the bond's TLS features bits. Everyone should stop
> reading them.

Acked-by: Jakub Kicinski <>

Powered by blists - more mailing lists