Welcome! Log In Create A New Profile

Advanced

Re: [PATCH] Enable TCP offload support on tls connecitons

Maxim Dounin
August 06, 2020 09:26AM
Hello!

On Tue, Aug 04, 2020 at 04:46:00PM +0530, rohit maheshwari wrote:

> On 29/07/20 7:48 PM, Maxim Dounin wrote:
> > Hello!
> >
> > On Wed, Jul 29, 2020 at 02:44:06PM +0530, Rohit Maheshwari wrote:
> >
> > > # HG changeset patch
> > > # User Rohit Maheshwari <rohitm@chelsio.com>
> > > # Date 1595354862 -19800
> > > # Tue Jul 21 23:37:42 2020 +0530
> > > # Node ID 32c7a0088f6d259163bb2820db0b44d36659b333
> > > # Parent 32a343635b50662979975e1204417bb1fc7e1b1f
> > > Enable TCP offload support on tls connecitons
> > >
> > > Linux provides feasibility to enable TOE BYPASS iff setsockopt
> > > of type TCP_ULP is called just after socket creation. After that
> > > only, driver can register its TCP callbacks and move to TCP
> > > listen.
> > For TLS connections, setsockopt(TCP_ULP, "tls") is expected to be
> > called by the SSL layer. You may want to elaborate more on why
> > you are trying to call it on all connections instead.
>
> The main reason of calling it here is, to override stack's TCP
> listen with TCP offloaded listen, and so that TOE supported
> HW will get aware of the incoming TCP connection open
> request, and establishes and maintains that connection.
>   I agree, it should have been called by SSL layer, but, since
> the socket is opened here, in my understanding SSL layer
> won't be aware of this server socket ever.

Shouldn't it be enough for the HW that the socket of a particular
connection is properly marked with setsockopt() by the SSL layer?

Either way, if the intention is to only touch listening sockets
with SSL enabled, the patch is clearly wrong: it touches all
listening sockets, not just SSL ones, as well as DNS client
sockets which aren't listening and never use SSL.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH] Enable TCP offload support on tls connecitons

Rohit Maheshwari 195 July 29, 2020 05:14AM

Re: [PATCH] Enable TCP offload support on tls connecitons

Maxim Dounin 30 July 29, 2020 10:20AM

Re: [PATCH] Enable TCP offload support on tls connecitons

rohit maheshwari 27 August 04, 2020 07:18AM

Re: [PATCH] Enable TCP offload support on tls connecitons

Maxim Dounin 30 August 06, 2020 09:26AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 72
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready