- Add a new TCP_RXTLS_ENABLE socket option to set the encryption and authentication algorithms and keys as well as the initial sequence number.
- When reading from a socket using KTLS receive, applications must use recvmsg(). Each successful call to recvmsg() will return a single TLS record. A new TCP control message, TLS_GET_RECORD, will contain the TLS record header of the decrypted record. The regular message buffer passed to recvmsg() will receive the decrypted payload. This is similar to the interface used by Linux's KTLS RX except that Linux does not return the full TLS header in the control message.
- Add plumbing to the TOE KTLS interface to request either transmit or receive KTLS sessions.
- When a socket is using receive KTLS, redirect reads from soreceive_stream() into soreceive_generic().
- Note that this interface is currently only defined for TLS 1.1 and 1.2, though I believe we will be able to reuse the same interface and structures for 1.3.
Details
Details
- Reviewers
gallatin np jhb - Group Reviewers
transport - Commits
- rS360408: Initial support for kernel offload of TLS receive.
- tested with TOE on T6, and the interface has also been tested with a KTLS RX software solution
Diff Detail
Diff Detail
- Lint
Lint Skipped - Unit
Tests Skipped - Build Status
Buildable 30544 Build 28290: arc lint + arc unit