[PATCH] Enable TCP offload support on tls connections
Maxim Dounin
mdounin at mdounin.ru
Thu Aug 6 13:25:53 UTC 2020

Hello!

On Tue, Aug 04, 2020 at 04:46:00PM +0530, rohit maheshwari wrote:
> On 29/07/20 7:48 PM, Maxim Dounin wrote:
> > Hello!
> >
> > On Wed, Jul 29, 2020 at 02:44:06PM +0530, Rohit Maheshwari wrote:
> >
> > > # HG changeset patch
> > > # User Rohit Maheshwari <rohitm at chelsio.com>
> > > # Date 1595354862 -19800
> > > # Tue Jul 21 23:37:42 2020 +0530
> > > # Node ID 32c7a0088f6d259163bb2820db0b44d36659b333
> > > # Parent 32a343635b50662979975e1204417bb1fc7e1b1f
> > > Enable TCP offload support on tls connections
> > >
> > > Linux makes it possible to enable TOE BYPASS iff setsockopt
> > > of type TCP_ULP is called just after socket creation. Only
> > > after that can the driver register its TCP callbacks and move
> > > to TCP listen.
> >
> > For TLS connections, setsockopt(TCP_ULP, "tls") is expected to be
> > called by the SSL layer. You may want to elaborate more on why
> > you are trying to call it on all connections instead.
>
> The main reason for calling it here is to override the stack's TCP
> listen with a TCP offloaded listen, so that TOE-supported
> HW becomes aware of the incoming TCP connection open
> request, and establishes and maintains that connection.
> I agree it should have been called by the SSL layer, but since
> the socket is opened here, in my understanding the SSL layer
> won't ever be aware of this server socket.

Shouldn't it be enough for the HW that the socket of a particular
connection is properly marked with setsockopt() by the SSL layer?

Either way, if the intention is to only touch listening sockets
with SSL enabled, the patch is clearly wrong: it touches all
listening sockets, not just SSL ones, as well as DNS client
sockets which aren't listening and never use SSL.

--
Maxim Dounin
http://mdounin.ru/