From: Jakub Kicinski <kuba@kernel.org>
To: Sabrina Dubroca <sd@queasysnail.net>
Cc: netdev@vger.kernel.org, Vadim Fedorenko <vfedorenko@novek.ru>,
Frantisek Krenzelok <fkrenzel@redhat.com>,
Kuniyuki Iwashima <kuniyu@amazon.com>,
Apoorv Kothari <apoorvko@amazon.com>,
Boris Pismenny <borisp@nvidia.com>,
John Fastabend <john.fastabend@gmail.com>,
Shuah Khan <shuah@kernel.org>,
linux-kselftest@vger.kernel.org, Gal Pressman <gal@nvidia.com>,
Marcel Holtmann <marcel@holtmann.org>
Subject: Re: [PATCH net-next v3 3/6] tls: implement rekey for TLS1.3
Date: Mon, 14 Aug 2023 08:21:28 -0700 [thread overview]
Message-ID: <20230814082128.632d2b03@kernel.org> (raw)
In-Reply-To: <ZNpC4lAmlLn-5A9h@hog>
On Mon, 14 Aug 2023 17:06:10 +0200 Sabrina Dubroca wrote:
> 2023-08-11, 18:43:47 -0700, Jakub Kicinski wrote:
> > On Wed, 9 Aug 2023 14:58:52 +0200 Sabrina Dubroca wrote:
> > > TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXSW);
> > > TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW);
> > > conf = TLS_SW;
> >
> > Should we add a statistic for rekeying?
>
> Hmpf, at least I shouldn't be incrementing the existing stats on every
> update, especially not TLSCURR* :/
>
> I don't see much benefit in tracking succesful rekeys. Failed rekeys
> seem more interesting to me. What would we get from counting succesful
> rekeys?
No huge benefit from counting rekeys, the main (only?) one I see is
that when user reports issues we can see whether rekeys were involved
(given that they are fairly rare). It could help narrow down triage.
next prev parent reply other threads:[~2023-08-14 15:21 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-09 12:58 [PATCH net-next v3 0/6] tls: implement key updates for TLS1.3 Sabrina Dubroca
2023-08-09 12:58 ` [PATCH net-next v3 1/6] tls: remove tls_context argument from tls_set_sw_offload Sabrina Dubroca
2023-08-10 17:42 ` Simon Horman
2023-08-09 12:58 ` [PATCH net-next v3 2/6] tls: block decryption when a rekey is pending Sabrina Dubroca
2023-08-10 17:44 ` Simon Horman
2023-08-12 1:37 ` Jakub Kicinski
2023-08-09 12:58 ` [PATCH net-next v3 3/6] tls: implement rekey for TLS1.3 Sabrina Dubroca
2023-08-10 17:56 ` Simon Horman
2023-08-12 1:43 ` Jakub Kicinski
2023-08-14 15:06 ` Sabrina Dubroca
2023-08-14 15:21 ` Jakub Kicinski [this message]
2023-08-14 15:46 ` Sabrina Dubroca
2023-08-09 12:58 ` [PATCH net-next v3 4/6] docs: tls: document TLS1.3 key updates Sabrina Dubroca
2023-08-09 12:58 ` [PATCH net-next v3 5/6] selftests: tls: add key_generation argument to tls_crypto_info_init Sabrina Dubroca
2023-08-09 12:58 ` [PATCH net-next v3 6/6] selftests: tls: add rekey tests Sabrina Dubroca
2023-08-10 17:58 ` Simon Horman
2023-08-14 15:09 ` Sabrina Dubroca
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230814082128.632d2b03@kernel.org \
--to=kuba@kernel.org \
--cc=apoorvko@amazon.com \
--cc=borisp@nvidia.com \
--cc=fkrenzel@redhat.com \
--cc=gal@nvidia.com \
--cc=john.fastabend@gmail.com \
--cc=kuniyu@amazon.com \
--cc=linux-kselftest@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
--cc=shuah@kernel.org \
--cc=vfedorenko@novek.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).