public inbox for newlib-cvs@sourceware.org
* [newlib-cygwin] Initial support for kernel offload of TLS receive.
@ 2022-07-11 11:51 Sebastian Huber
From: Sebastian Huber @ 2022-07-11 11:51 UTC
  To: newlib-cvs

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=7293d1e7b6f1ef012710b1a2e0e7d89889c782e6

commit 7293d1e7b6f1ef012710b1a2e0e7d89889c782e6
Author: John Baldwin <jhb@FreeBSD.org>
Date:   Mon Apr 27 23:17:19 2020 +0000

    Initial support for kernel offload of TLS receive.
    
    - Add a new TCP_RXTLS_ENABLE socket option to set the encryption and
      authentication algorithms and keys as well as the initial sequence
      number.
    
    - When reading from a socket using KTLS receive, applications must use
      recvmsg().  Each successful call to recvmsg() will return a single
      TLS record.  A new TCP control message, TLS_GET_RECORD, will contain
      the TLS record header of the decrypted record.  The regular message
      buffer passed to recvmsg() will receive the decrypted payload.  This
      is similar to the interface used by Linux's KTLS RX except that
      Linux does not return the full TLS header in the control message.
    
    - Add plumbing to the TOE KTLS interface to request either transmit
      or receive KTLS sessions.
    
    - When a socket is using receive KTLS, redirect reads from
      soreceive_stream() into soreceive_generic().
    
    - Note that this interface is currently only defined for TLS 1.1 and
      1.2, though I believe we will be able to reuse the same interface
      and structures for 1.3.

Diff:
---
 newlib/libc/sys/rtems/include/netinet/tcp.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/newlib/libc/sys/rtems/include/netinet/tcp.h b/newlib/libc/sys/rtems/include/netinet/tcp.h
index b5f01b3bc..5dc13eca2 100644
--- a/newlib/libc/sys/rtems/include/netinet/tcp.h
+++ b/newlib/libc/sys/rtems/include/netinet/tcp.h
@@ -178,6 +178,8 @@ struct tcphdr {
 				   device */
 #define	TCP_TXTLS_ENABLE 39	/* TLS framing and encryption for transmit */
 #define	TCP_TXTLS_MODE	40	/* Transmit TLS mode */
+#define	TCP_RXTLS_ENABLE 41	/* TLS framing and encryption for receive */
+#define	TCP_RXTLS_MODE	42	/* Receive TLS mode */
 #define	TCP_CONGESTION	64	/* get/set congestion control algorithm */
 #define	TCP_CCALGOOPT	65	/* get/set cc algorithm specific options */
 #define TCP_DELACK  	72	/* socket option for delayed ack */
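Review bot: TCP_RXTLS_MODE (42) is added next to TCP_RXTLS_ENABLE, but the commit message only describes TCP_RXTLS_ENABLE, and the comment "Receive TLS mode" does not say what values the option reports or whether it can be set. The TCP_CONGESTION and TCP_CCALGOOPT lines just below spell out "get/set" in their comments; doing the same for TCP_RXTLS_MODE (and for the existing TCP_TXTLS_MODE) would tell a caller reading only this header whether setsockopt() on it is expected to work. Minor style point: TCP_RXTLS_ENABLE is separated from its value by a space while TCP_RXTLS_MODE uses a tab; that mirrors the TXTLS pair above, so it can stay as it is for consistency.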
@@ -388,6 +390,7 @@ struct tcp_function_set {
  * TCP Control message types
  */
 #define	TLS_SET_RECORD_TYPE	1
+#define	TLS_GET_RECORD		2
 
 /*
  * TCP specific variables of interest for tp->t_stats stats(9) accounting.
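Review bot: TLS_GET_RECORD is added without a comment, and nothing in this hunk says which direction the control message travels or what its payload is. The commit message states that it is returned by recvmsg() and carries the TLS record header of the decrypted record, while TLS_SET_RECORD_TYPE beside it is a "SET" type; a one-line comment on each define giving direction and payload would keep someone reading only the header from using the wrong type with the wrong call.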


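The receive path described in the commit message, as an added example that is not part of the original commit or of the FreeBSD or newlib sources: it walks the control data of a filled-in `msghdr`, requires exactly one complete `TLS_GET_RECORD` header, and accepts the payload only for application-data records of TLS 1.1 or 1.2. `struct rec_hdr`, the function names and the sample `msghdr` are constructed for illustration; the real control-message layout must be taken from the platform's KTLS header.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifndef TLS_GET_RECORD
#define TLS_GET_RECORD 2        /* value added by the patch above */
#endif
#define CT_APPLICATION_DATA 23  /* TLS ContentType for application data */
/* Assumed cmsg payload layout, hypothetical and for illustration only. */
struct rec_hdr { uint8_t type, vmajor, vminor; uint16_t length; };

/* 0 if msg carries exactly one complete TLS_GET_RECORD cmsg, else -1. */
int get_record_hdr(struct msghdr *msg, struct rec_hdr *out)
{
    int found = 0;
    if (msg->msg_flags & (MSG_CTRUNC | MSG_TRUNC))
        return -1;              /* control data or payload was cut short */
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != IPPROTO_TCP || c->cmsg_type != TLS_GET_RECORD)
            continue;           /* unrelated control message */
        if (c->cmsg_len < CMSG_LEN(sizeof(*out)) || found++)
            return -1;          /* short or duplicated record header */
        memcpy(out, CMSG_DATA(c), sizeof(*out));
    }
    return found == 1 ? 0 : -1;
}

/* 1 only when the payload is application data of TLS 1.1 (3.2) or 1.2 (3.3). */
int payload_is_app_data(struct msghdr *msg)
{
    struct rec_hdr h;
    return get_record_hdr(msg, &h) == 0 && h.type == CT_APPLICATION_DATA &&
           h.vmajor == 3 && (h.vminor == 2 || h.vminor == 3);
}

/* Constructed sample: builds a msghdr the way recvmsg() might fill it. */
int check_sample(uint8_t type, int flags)
{
    long cbuf[8] = {0};         /* aligned, zeroed control buffer */
    struct rec_hdr h = { type, 3, 3, 0 };
    struct msghdr m = { .msg_control = cbuf,
        .msg_controllen = CMSG_SPACE(sizeof(h)), .msg_flags = flags };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = IPPROTO_TCP;
    c->cmsg_type = TLS_GET_RECORD;
    c->cmsg_len = CMSG_LEN(sizeof(h));
    memcpy(CMSG_DATA(c), &h, sizeof(h));
    return payload_is_app_data(&m);
}
int main(void) { return check_sample(CT_APPLICATION_DATA, 0) ? 0 : 1; }
```

Records that fail the check (alerts, handshake messages, truncated reads) belong to the TLS library's state machine and should not reach application buffers.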