Welcome! Log In Create A New Profile

Advanced

Re: [PATCH] Enable TCP offload support on tls connecitons

rohit maheshwari
August 04, 2020 07:18AM
On 29/07/20 7:48 PM, Maxim Dounin wrote:
> Hello!
>
> On Wed, Jul 29, 2020 at 02:44:06PM +0530, Rohit Maheshwari wrote:
>
>> # HG changeset patch
>> # User Rohit Maheshwari <rohitm@chelsio.com>
>> # Date 1595354862 -19800
>> # Tue Jul 21 23:37:42 2020 +0530
>> # Node ID 32c7a0088f6d259163bb2820db0b44d36659b333
>> # Parent 32a343635b50662979975e1204417bb1fc7e1b1f
>> Enable TCP offload support on tls connecitons
>>
>> Linux provides feasibility to enable TOE BYPASS iff setsockopt
>> of type TCP_ULP is called just after socket creation. After that
>> only, driver can register its TCP callbacks and move to TCP
>> listen.
> For TLS connections, setsockopt(TCP_ULP, "tls") is expected to be
> called by the SSL layer. You may want to elaborate more on why
> you are trying to call it on all connections instead.

The main reason of calling it here is, to override stack's TCP
listen with TCP offloaded listen, and so that TOE supported
HW will get aware of the incoming TCP connection open
request, and establishes and maintains that connection.
  I agree, it should have been called by SSL layer, but, since
the socket is opened here, in my understanding SSL layer
won't be aware of this server socket ever.

One other way is open socket in SSL layer, and it will take care of
calling setsockopt internally.

#if (NGX_LINUX && NGX_TOE)
             s = BIO_socket(ls[i].sockaddr->sa_family, ls[i].type,
                            0, 0);
#else
             s = ngx_socket(ls[i].sockaddr->sa_family, ls[i].type, 0);
#endif

But this increases nginx code complexity, and that is the reason I
avoided above change.
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH] Enable TCP offload support on tls connecitons

Rohit Maheshwari 196 July 29, 2020 05:14AM

Re: [PATCH] Enable TCP offload support on tls connecitons

Maxim Dounin 32 July 29, 2020 10:20AM

Re: [PATCH] Enable TCP offload support on tls connecitons

rohit maheshwari 27 August 04, 2020 07:18AM

Re: [PATCH] Enable TCP offload support on tls connecitons

Maxim Dounin 31 August 06, 2020 09:26AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 80
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready