From: Jakub Kicinski <jakub.kicinski@netronome.com>
To: Atul Gupta <atul.gupta@chelsio.com>
Cc: herbert@gondor.apana.org.au, davem@davemloft.net,
linux-crypto@vger.kernel.org, netdev@vger.kernel.org,
dt@chelsio.com
Subject: Re: [crypto 0/4] Inline TLS client and v6 support
Date: Thu, 11 Apr 2019 11:45:06 -0700 [thread overview]
Message-ID: <20190411114506.10d19a40@cakuba.netronome.com> (raw)
In-Reply-To: <ae56c100-d072-bf6b-465a-5136d29b84be@chelsio.com>
On Thu, 11 Apr 2019 23:13:08 +0530, Atul Gupta wrote:
> On 4/11/2019 10:10 PM, Jakub Kicinski wrote:
> > On Thu, 11 Apr 2019 09:47:09 +0530, Atul Gupta wrote:
> >> On 4/10/2019 9:28 PM, Jakub Kicinski wrote:
> >>> On Wed, 10 Apr 2019 10:56:37 +0530, Atul Gupta wrote:
> >>>> On 4/9/2019 11:31 PM, Jakub Kicinski wrote:
> >>>>> On Tue, 9 Apr 2019 08:22:34 -0700, Atul Gupta wrote:
> >>>>>> Extends Inline TLS record processing to TLS client. connect
> >>>>>> API is added to tls_context to setup hardware for TLS
> >>>>>> connection and handshake. Functionality wise, this makes the solution
> >>>>>> end-to-end Inline TLS capable. TLS server and client
> >>>>>> can operate in Inline mode and leverage hardware for complete
> >>>>>> TLS record offload.
> >>>>>> [0004] Adds the IPv6 support for Inline TLS server/client.
> >>>>>>
> >>>>>> RFC series for this patch was created against net-next and
> >>>>>> submitted on 18 Jan'2019.
> >>>>>> This series is created against Herbert branch.
> >>>>> Sorry if someone already asked this, but is your HW doing full ToE
> >>>>> for all this TLS "record offload" stuff?
> >>>> Yes Jakub
> >>> So from what I grok you already feed all the data directly to the
> >>> socket completely bypassing the lower layers of the networking stack,
> >>> and with this patch set you'd also move 3WHS into the FW?
> >> Yes, that's correct.
> > I believe then it's a no-go from netdev perspective.
>
> Inline TLS record offload path is kept out of netdev and leverages
> offload capabilities for crypto
Inline TLS record offload path bypasses the networking stack and feeds
data directly into the socket. If we also allow offloading 3WHS the
connection will become invisible to the stack, queueing, packet
filtering etc.
I think the "netdev community" feels pretty strongly about preventing
protocol ossification and bypassing crucial parts of the infrastructure.
next prev parent reply other threads:[~2019-04-11 18:45 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-09 15:22 [crypto 0/4] Inline TLS client and v6 support Atul Gupta
2019-04-09 18:01 ` Jakub Kicinski
2019-04-10 5:26 ` Atul Gupta
2019-04-10 15:58 ` Jakub Kicinski
2019-04-11 4:17 ` Atul Gupta
2019-04-11 16:40 ` Jakub Kicinski
[not found] ` <ae56c100-d072-bf6b-465a-5136d29b84be@chelsio.com>
2019-04-11 18:45 ` Jakub Kicinski [this message]
2019-04-11 18:52 ` David Miller
2019-04-15 9:10 ` Atul Gupta
2019-04-15 9:36 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190411114506.10d19a40@cakuba.netronome.com \
--to=jakub.kicinski@netronome.com \
--cc=atul.gupta@chelsio.com \
--cc=davem@davemloft.net \
--cc=dt@chelsio.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox