[PATCH] Enable TCP offload support on tls connecitons
rohit maheshwari
rohitm at chelsio.com
Tue Aug 4 11:16:00 UTC 2020
On 29/07/20 7:48 PM, Maxim Dounin wrote:
> Hello!
>
> On Wed, Jul 29, 2020 at 02:44:06PM +0530, Rohit Maheshwari wrote:
>
>> # HG changeset patch
>> # User Rohit Maheshwari <rohitm at chelsio.com>
>> # Date 1595354862 -19800
>> # Tue Jul 21 23:37:42 2020 +0530
>> # Node ID 32c7a0088f6d259163bb2820db0b44d36659b333
>> # Parent 32a343635b50662979975e1204417bb1fc7e1b1f
>> Enable TCP offload support on tls connecitons
>>
>> Linux provides feasibility to enable TOE BYPASS iff setsockopt
>> of type TCP_ULP is called just after socket creation. After that
>> only, driver can register its TCP callbacks and move to TCP
>> listen.
> For TLS connections, setsockopt(TCP_ULP, "tls") is expected to be
> called by the SSL layer. You may want to elaborate more on why
> you are trying to call it on all connections instead.
The main reason of calling it here is, to override stack's TCP
listen with TCP offloaded listen, and so that TOE supported
HW will get aware of the incoming TCP connection open
request, and establishes and maintains that connection.
I agree, it should have been called by SSL layer, but, since
the socket is opened here, in my understanding SSL layer
won't be aware of this server socket ever.
One other way is open socket in SSL layer, and it will take care of
calling setsockopt internally.
#if (NGX_LINUX && NGX_TOE)
s = BIO_socket(ls[i].sockaddr->sa_family, ls[i].type,
0, 0);
#else
s = ngx_socket(ls[i].sockaddr->sa_family, ls[i].type, 0);
#endif
But this increases nginx code complexity, and that is the reason I
avoided above change.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20200804/d1ab9a80/attachment-0001.htm>
More information about the nginx-devel
mailing list